| 1 | .TH PASSMASS 1 "7 October 1993" |
| 2 | .SH NAME |
| 3 | passmass \- change password on multiple machines |
| 4 | .SH SYNOPSIS |
| 5 | .B passmass |
| 6 | [ |
| 7 | .I host1 host2 host3 ... |
| 8 | ] |
| 9 | .SH INTRODUCTION |
| 10 | .B Passmass |
| 11 | changes a password on multiple machines. If you have accounts on |
| 12 | several machines that do not share password databases, Passmass can |
| 13 | help you keep them all in sync. This, in turn, will make it easier to |
| 14 | change them more frequently. |
| 15 | |
| 16 | When Passmass runs, it asks you for the old and new passwords. |
| 17 | (If you are changing root passwords and have equivalencing, the old |
| 18 | password is not used and may be omitted.) |
| 19 | |
| 20 | Passmass understands the "usual" conventions. Additional arguments |
| 21 | may be used for tuning. They affect all hosts which follow until |
| 22 | another argument overrides it. For example, if you are known as |
| 23 | "libes" on host1 and host2, but "don" on host3, you would say: |
| 24 | |
| 25 | passmass host1 host2 -user don host3 |
| 26 | |
| 27 | Arguments are: |
| 28 | .RS |
| 29 | .TP 4 |
| 30 | -user |
| 31 | User whose password will be changed. By default, the current user is used. |
| 32 | |
| 33 | .TP 4 |
| 34 | -rlogin |
| 35 | Use rlogin to access host. (default) |
| 36 | |
| 37 | .TP 4 |
| 38 | -slogin |
| 39 | Use slogin to access host. |
| 40 | |
| 41 | .TP 4 |
| 42 | -ssh |
| 43 | Use slogin to access host. |
| 44 | |
| 45 | .TP 4 |
| 46 | -telnet |
| 47 | Use telnet to access host. |
| 48 | |
| 49 | .TP 4 |
| 50 | -program |
| 51 | |
| 52 | Next argument is a program to run to set the password. Default is |
| 53 | "passwd". Other common choices are "yppasswd" and "set passwd" (e.g., |
| 54 | VMS hosts). A program name such as "password fred" can be used to |
| 55 | create entries for new accounts (when run as root). |
| 56 | |
| 57 | .TP 4 |
| 58 | -prompt |
| 59 | Next argument is a prompt suffix pattern. This allows |
| 60 | the script to know when the shell is prompting. The default is |
| 61 | "# " for root and "% " for non-root accounts. |
| 62 | |
| 63 | .TP 4 |
| 64 | -timeout |
| 65 | Next argument is the number of seconds to wait for responses. |
| 66 | Default is 30 but some systems can be much slower logging in. |
| 67 | |
| 68 | .TP 4 |
| 69 | -su |
| 70 | |
| 71 | Next argument is 1 or 0. If 1, you are additionally prompted for a |
| 72 | root password which is used to su after logging in. root's password |
| 73 | is changed rather than the user's. This is useful for hosts which |
| 74 | do not allow root to log in. |
| 75 | |
| 76 | .SH HOW TO USE |
| 77 | The best way to run Passmass is to put the command in a one-line shell |
| 78 | script or alias. Whenever you get a new account on a new machine, add |
| 79 | the appropriate arguments to the command. Then run it whenever you |
| 80 | want to change your passwords on all the hosts. |
| 81 | |
| 82 | .SH CAVEATS |
| 83 | |
| 84 | Using the same password on multiple hosts carries risks. In |
| 85 | particular, if the password can be stolen, then all of your accounts |
| 86 | are at risk. Thus, you should not use Passmass in situations where |
| 87 | your password is visible, such as across a network which hackers are |
| 88 | known to eavesdrop. |
| 89 | |
| 90 | On the other hand, if you have enough accounts with different |
| 91 | passwords, you may end up writing them down somewhere - and |
| 92 | .I that |
| 93 | can be a security problem. Funny story: my college roommate had an |
| 94 | 11"x13" piece of paper on which he had listed accounts and passwords |
| 95 | all across the Internet. This was several years worth of careful work |
| 96 | and he carried it with him everywhere he went. |
| 97 | Well one day, he forgot to remove it from his jeans, and we found a |
| 98 | perfectly blank sheet of paper when we took out the wash the following |
| 99 | day! |
| 100 | .SH SEE ALSO |
| 101 | .I |
| 102 | "Exploring Expect: A Tcl-Based Toolkit for Automating Interactive Programs" |
| 103 | \fRby Don Libes, |
| 104 | O'Reilly and Associates, January 1995. |
| 105 | .SH AUTHOR |
| 106 | Don Libes, National Institute of Standards and Technology |