Name

nstpasswd — Manage passwords on an NST distribution.

Synopsis

nstpasswd [ -k [true]|false | --keep-ssh [true]|false ] [ -p [true]|false | --phrase-prompt [true]|false ] [ -e [true]|false | --env-passwd [true]|false ] [ -c TEXT | --clear-text TEXT ] [ -r [true]|false | --clear-text-random [true]|false ] [ -n [true]|false | --clear-text-random-notfound [true]|false ] [ --ssh-permit-root-login TEXT ] [ --restart-sshd-service [true]|false ] [ --passwd-reset [true]|false ] [ -l FILENAME | --log FILENAME ] [ --kickstart [true]|false ] [ -h [true]|false | --help [true]|false ] [ -H [true]|false | --help-long [true]|false ] [ -v [true]|false | --verbose [true]|false ] [ --version [true]|false ]

Description

The nstpasswd script is used in an NST distribution to manage the various system passwords found on an NST system. This script can be used to change the administrative password for the following: user root, nagiosadmin, NST WUI access, BackupPC, webmin, sshd, vnc, and smb. It can also be used to change an individual clear text password variable in the NST configuration file "/etc/nst.conf", or to replace all of the clear text passwords with randomly chosen values.

Here is an example of using nstpasswd:

[root@probe ~]# nstpasswd
New NST Password: 
Retype new password: 
Changing password for user root.
passwd: all authentication tokens updated successfully.
Successfully updated password for 'root' in /etc/shadow
Successfully updated password for 'root' in /etc/nst/httpd/conf/htuser.nst
Successfully updated password for 'nagiosadmin' in /etc/nst/httpd/conf/htuser.nst
Successfully updated password for 'root' in /etc/BackupPC/apache.users
Successfully updated password for 'root' in /etc/webmin/miniserv.users
Successfully Added id_dsa.pub to 'authorized_keys' file for 'vpn'
Successfully Added id_rsa.pub to 'authorized_keys' file for 'vpn'
Successfully Updated 'authorized_keys' file for 'vpn'
Successfully Set 'authorized_keys' file owner and mode
Successfully updated password for 'root' in /root/.ssh
Successfully updated password for 'root' in /root/.vnc/passwd
Successfully updated password for 'root/administrator' in /etc/samba/smbpasswd
[root@probe ~]# 

Note

This script also checks for accounts which permit logging in. If any of these accounts permit logging in without a password, the new password will be assigned to those accounts as well. For example, on a Live NST boot, the nst user account will be assigned a password on the initial invocation of this script.

Options

The following command line options are available:

[-k [true]|false] | [--keep-ssh [true]|false]

By default, the ssh ID files will be regenerated when you run nstpasswd. Use this command line option if you would like to leave your current ssh ID files alone.

[-p [true]|false] | [--phrase-prompt [true]|false]

By default, the ssh pass phrase will be set the same as the password. Use this option if you would like to be able to enter a different pass phrase.

[-e [true]|false] | [--env-passwd [true]|false]

You can use this option to prevent the nstpasswd script from prompting the end user to enter a password. Instead of prompting, the password will be taken from the QUERY_NSTPASSWD shell variable. This option is typically used by other scripts which need to invoke the nstpasswd script, but do not want any user interaction.

[-c TEXT] | [--clear-text TEXT]

This option is used to set the clear text password of a specific entry in the "/etc/nst.conf" configuration file. For example, if you would like to change the "NSTCTGPSDRIVEPASSWD" entry, you would specify: "-c NSTCTGPSDRIVEPASSWD".

[-r [true]|false] | [--clear-text-random [true]|false]

This option uses the pwgen utility to generate random passwords for ALL of the clear text passwords found in "/etc/nst.conf". This option is seldom run by hand, and is most useful after the initial installation. As clear text passwords are used to allow different applications to communicate with each other, you should not run this command after setting up and configuring services. For example, if you already have mysql set up and running and you randomly change all of the clear text passwords, then applications which rely on finding the mysql password in "/etc/nst.conf" may fail.

[-n [true]|false] | [--clear-text-random-notfound [true]|false]

This option uses the pwgen utility to generate random passwords for ALL reserved clear text passwords not found in the NST configuration file: "/etc/nst.conf". This option is seldom run by hand, and is typically used in the post section during an nstpasswd RPM update.

[--ssh-permit-root-login TEXT]

This option is used to permit / deny SSH access for the root user account. Specify "yes" to permit SSH root login or specify "no" to deny access. For an immediate change to take place, use the "--restart-sshd-service" option to restart the SSH service. The file: "/etc/ssh/sshd_config.d/01-permitrootlogin.conf" will be updated accordingly.

[--restart-sshd-service [true]|false]

This option is used to restart the SSH service. This option can only be used in conjunction with the "--ssh-permit-root-login <yes | no>" option.

[--passwd-reset [true]|false]

The first time you run nstpasswd after booting the system, it should set the password of the vpn and liveuser accounts (if present) to the same value as the root user account (to prevent someone from gaining access to the system via these two stock accounts). However, subsequent invocations of this script will leave these other user accounts alone (assuming that you are just managing the root account). If you always want to reset the passwords on these other accounts (to match the root account), then you should specify the "--passwd-reset" option. When this option is specified, the new password will be applied to the following accounts on the system (if they exist): "vpn" and "liveuser".

[-l FILENAME] | [--log FILENAME]

This command line option can be used to log the output of commands run to a specific file.

[--kickstart [true]|false]

This option is typically used with kickstart to force setting application administrative passwords.

[-h [true]|false] | [--help [true]|false]

When this option is specified, nstpasswd will display a short one line description of nstpasswd, followed by a short description of each of the supported command line options. After displaying this information nstpasswd will terminate.

[-H [true]|false] | [--help-long [true]|false]

This option will attempt to pull up additional nstpasswd documentation within a text based web browser. You can force which browser is used by setting the environment variable TEXTBROWSER; otherwise, nstpasswd will search for some common ones.

[-v [true]|false] | [--verbose [true]|false]

When you set this option to true, nstpasswd will produce additional output. This is typically used for diagnostic purposes to help track down when things go wrong.

[--version [true]|false]

If this option is specified, the version number of the script is displayed.

Files

/etc/nst.conf

File containing the clear text passwords managed by this script.

/usr/share/nstpasswd

Directory containing resource files used by nstpasswd.

/etc/nst/nstpasswd.conf

This configuration file (if present) contains the current state of the password settings. It contains two variables: NSTPASSWD_STATE (for encrypted system passwords) and NSTCTPASSWD_STATE (for clear text passwords). Each variable will have a value of "set" or "initial". A value of "set" implies that the nstpasswd command has been run at some point in the past to initialize the associated passwords. A value of "initial" indicates that nstpasswd should be run in order to initialize the associated passwords. If this file is missing (which is legal), both variables should be assumed to be in their "initial" state. This file is used at system boot time (by the nstboot script) when determining whether or not the passwords need to be set on the system. This file is re-written by nstpasswd after successfully setting the system passwords or scrambling the clear text passwords.

/etc/ssh/sshd_config.d/01-permitrootlogin.conf

This file contains the flag for the SSH service to permit or deny the root user account access.
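
The state rules given above for /etc/nst/nstpasswd.conf can be checked from an audit script to find systems whose passwords were never initialized. The following is an added example, not part of nstpasswd or the NST distribution; it assumes the file holds shell-style NAME=value lines (optionally quoted), and the function names nst_state and nst_passwords_pending are hypothetical.

```shell
#!/bin/sh
# Added example: read the nstpasswd state file without executing it.
# Assumption: the file uses shell-style NAME=value lines, values optionally quoted.

# nst_state VARNAME [FILE] -> prints "set" or "initial"
nst_state() {
    var=$1
    file=${2:-/etc/nst/nstpasswd.conf}
    # A missing file is legal and means the "initial" state.
    if [ ! -r "$file" ]; then
        echo initial
        return 0
    fi
    # Parse rather than source: an audit tool should not run what it inspects.
    # The last matching assignment wins, as it would if the file were sourced.
    val=$(sed -n "s/^[[:space:]]*${var}[[:space:]]*=[[:space:]]*[\"']\{0,1\}\([A-Za-z]*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$file" | tail -n 1)
    case $val in
        set) echo set ;;
        *)   echo initial ;;   # absent, empty or unrecognised: treat as not set
    esac
}

# nst_passwords_pending [FILE]
# Exit 0 and print the password groups that still need nstpasswd
# ("system", "cleartext"); exit 1 when both groups are already set.
nst_passwords_pending() {
    file=${1:-/etc/nst/nstpasswd.conf}
    pending=""
    [ "$(nst_state NSTPASSWD_STATE "$file")" = set ] || pending="system"
    [ "$(nst_state NSTCTPASSWD_STATE "$file")" = set ] ||
        pending="${pending:+$pending }cleartext"
    [ -n "$pending" ] || return 1
    echo "$pending"
}

# Constructed sample state file (not taken from a real system).
sample=$(mktemp)
printf 'NSTPASSWD_STATE="set"\nNSTCTPASSWD_STATE="initial"\n' > "$sample"
nst_passwords_pending "$sample" && echo "nstpasswd still needs to be run for the groups above"
rm -f "$sample"
```

Called with no file argument, both functions read /etc/nst/nstpasswd.conf, so a missing file reports both groups as pending.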

Environment

TEXTBROWSER

This controls what text based browser is used to display help information about the script. If not set, we will search your system for available text-based browsers (Ex: elinks, lynx ...).

See Also

nstboot(1), passwd(1), pwgen(1), Network Security Toolkit