nstpasswd — Manage passwords on a NST distribution.


nstpasswd [ -k [true]|false | --keep-ssh [true]|false ] [ -p [true]|false | --phrase-prompt [true]|false ] [ -e [true]|false | --env-passwd [true]|false ] [ -c TEXT | --clear-text TEXT ] [ -r [true]|false | --clear-text-random [true]|false ] [ --passwd-reset [true]|false ] [ -l FILENAME | --log FILENAME ] [ --kickstart [true]|false ] [ -h [true]|false | --help [true]|false ] [ -H [true]|false | --help-long [true]|false ] [ -v [true]|false | --verbose [true]|false ] [ --version [true]|false ]


The nstpasswd is used in a NST distribution to manage the various system passwords found on a NST system. This script can be used to change the administrative password for the following: user root, nagiosadmin, nstwui, BackupPC, webmin, sshd, vnc, smb and ntop web access. It can also be used to change an individual clear text password variable in NST configuration file: "/etc/nst.conf" or randomly update all of the clear text passwords with a randomly chosen value.

Here is a example of using nstpasswd:

[root@probe ~]# nstpasswd
New NST Password: 
Retype new password: 
Successfully updated password for 'root' in /etc/shadow
Successfully updated password for 'root' in /etc/nst/httpd/conf/htuser.nst
Successfully updated password for 'nagiosadmin' in /etc/nst/httpd/conf/htuser.nst
Successfully updated password for 'root' in /etc/BackupPC/apache.users
Successfully updated password for 'root' in /etc/webmin/miniserv.users
Successfully updated password for 'root' in /root/.ssh
Successfully updated password for 'root' in /root/.vnc/passwd
Successfully updated password for 'root/administrator' in /etc/samba/smbpasswd
Wed May 13 19:41:47 2009  NOTE: Interface merge enabled by default
Wed May 13 19:41:47 2009  Initializing gdbm databases
Wed May 13 19:41:47 2009  Admin user password has been set
Successfully updated password for 'admin' in /var/lib/ntop/ntop_pw.db
[root@probe ~]# 


This script also checks for accounts which permit logging in. If any of these accounts permit logging in without a password, the new password will be assigned to those accounts as well. For example, on a Live NST boot, the nst user account will be assigned a password on the initial invocation of this script.


The following command line options are available:

[-k [true]|false] | [--keep-ssh [true]|false]

By default, the ssh ID files will be regenerated when you run nstpasswd. Use this command line option if you would like to leave your current ssh ID files alone.

[-p [true]|false] | [--phrase-prompt [true]|false]

By default, the ssh pass phrase will be set the same as the password. Use this option if you would like to be able to enter a different pass phrase.

[-e [true]|false] | [--env-passwd [true]|false]

You can use this option to prevent the nstpasswd script from prompting the end user to enter a password. Instead of prompting, the password will be taken from the QUERY_NSTPASSWD shell variable. This option is typically used by other scripts which need to invoke the nstpasswd script, but do not want any user interaction.

[-c TEXT] | [--clear-text TEXT]

This option is used to set the clear text password of a specific entry in the: "/etc/nst.conf" configuration file. For example, if you would like to change the "NSTCTGPSDRIVEPASSWD", you would specify: "-c NSTCTGPSDRIVEPASSWD".

[-r [true]|false] | [--clear-text-random [true]|false]

This option uses the pwgen utility to generate random passwords for ALL of the clear text passwords found in: "/etc/nst.conf". This option is seldom run by hand, and is most useful after the initial installation. As clear text passwords are used to allow different applications to communicate with each other, you should not run this command after setting up and configuring services. For example, if you already have mysql setup and running, if you randomly change all of the clear text passwords, then applications which rely on finding the mysql password in "/etc/nst.conf" may fail.

[--passwd-reset [true]|false]

The first time your run nstpasswd, after booting the system, it should set the password of the vpn and liveuser accounts (if present) to the same value as the root user account (to prevent someone from gaining access to the system via these two stock accounts). However, subsequent invocations of this script will leave these other user accounts alone (assuming that you are just managing the root account). If you always want to reset the passwords on these other accounts (to match the root account), then you should specify the "--passwd-reset" option. When this option is specified, the new password will be applied to the following accounts on the system (if they exist): "vpn" and "liveuser".

[-l FILENAME] | [--log FILENAME]

This command line option can be used to log the output of commands run to a specific file.

[--kickstart [true]|false]

This option is typically used for kickstart usage to force setting application administrative passwords.

[-h [true]|false] | [--help [true]|false]

When this option is specified, nstpasswd will display a short one line description of nstpasswd, followed by a short description of each of the supported command line options. After displaying this information nstpasswd will terminate.

[-H [true]|false] | [--help-long [true]|false]

This option will attempt to pull up additional nstpasswd documentation within a text based web browser. You can force which browser we use setting the environment variable TEXTBROWSER, otherwise, we will search for some common ones.

[-v [true]|false] | [--verbose [true]|false]

When you set this option to true, nstpasswd will produce additional output. This is typically used for diagnostic purposes to help track down when things go wrong.

[--version [true]|false]

If this option is specified, the version number of the script is displayed.



File containing the clear text passwords managed by this script.


Directory containing resource files used by nstpasswd.


This configuration file (if present) contains the current state of the password settings. There are two variables contained: NSTPASSWD_STATE (for encrypted system passwords) and NSTCTPASSWD_STATE (for clear text passwords). Each variable will have a value of "set" or "initial". A value of "set" implies that the nstpasswd command has been run at some point in the past to initialize the associated passwords. A value of "initial" indicates that the nstpasswd should be run in order to initialize the associated passwords. If this file is missing (which is legal), both variables should be assumed to be in their "initial" state. This file is used at system boot time (by the nstboot script) when determining whether the or not passwords need to be set on the system. This file is re-written by nstpasswd after successfully setting the system passwords or scrambling the clear text passwords.



This controls what text based browser is used to display help information about the script. If not set, we will search your system for available text-based browsers (Ex: elinks, lynx ...).

See Also

nstboot(1), passwd(1), pwgen(1), Network Security Toolkit