seth vidal
2011-06-01 21:50:31 UTC
Building off some code that Greg wrote I made some changes to make sure
that even the crypted password didn't show up any logs.
http://skvidal.fedorapeople.org/misc/func-change-password.py
This code takes a username, prompts for a password (and confirmation)
then crypts the password using sha512 hash and an os.urandom() salt.
Stuffs the password in a file prefixed by the username and sends the
whole thing over to all of your hosts.
Then uses chpasswd to set those changes.
this came up as a firedrill I had to undertake to change root passwords
globally and quickly.
I liked what Greg had done but I didn't like the idea of even the
crypted logs having the password - so this is the work around.
complaints welcome.
-sv
that even the crypted password didn't show up any logs.
http://skvidal.fedorapeople.org/misc/func-change-password.py
This code takes a username, prompts for a password (and confirmation)
then crypts the password using sha512 hash and an os.urandom() salt.
Stuffs the password in a file prefixed by the username and sends the
whole thing over to all of your hosts.
Then uses chpasswd to set those changes.
this came up as a firedrill I had to undertake to change root passwords
globally and quickly.
I liked what Greg had done but I didn't like the idea of even the
crypted logs having the password - so this is the work around.
complaints welcome.
-sv