3

I want to automate slappasswd, but the following does not work:

[root@controller ~]# echo -e "vagrant\nvagrant\n" | slappasswd New password:

while it works to automate passwd:

[root@controller ~]# echo -e "vagrant\nvagrant\n" | passwd vagrant Changing password for user vagrant. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully.

Questions

  1. Why does this method not work to automate slappasswd?
  2. How to automate slappasswd?
Improve this question

2 Answers 2

Reset to default
4

According to this manpage you can provide the password as an argument:

slappasswd -s vagrant

Otherwise slappasswd reads from the tty and not stdin to get a new password. You can use something like expect to talk to it in this case.

Improve this answer
3
  • Be careful when writing passwords as a command argument. Anyone on the system can use ps to see your command line arguments, and the command gets stored in your shell history fole Commented Jun 21, 2015 at 19:21
  • @atk Perhaps you could post a safer alternative Commented Jun 21, 2015 at 19:37
  • @185140777 heredoc and disabling command history usually solves it. I don't have a system handy to test, and encourage others to post such a solution. Commented Jun 21, 2015 at 20:01
0

(An alternative to my answer). Programs that expect user interaction on /dev/tty rather than just reading stdin can be handled with the expect command, which uses the tcl language. For example, assuming you have expect in /usr/bin/expect, create a file setuserpw holding this:

#!/usr/bin/expect -f expect_user -re "(\[^ \]+) (\[^ \]+)\n" set user $expect_out(1,string) set pw $expect_out(2,string) spawn passwd $user expect "password:" send "$pw\r" expect "password:" send "$pw\r" expect eof

and dont forget to make it executable

chmod +x ./setuserpw

The script reads stdin for two words on a line, and sets variables user and pw to these. It then runs (spawn) the passwd program for the user, connecting via a pseudo tty (see man pty). It reads its output for a prompt matching "password:". It then sends the password to the program, and does the same again (assuming the program asks you for the password twice). For example:

./setuserpw <<! user1 passwd1 !

In your case, replace passwd by slappasswd, and verify the prompts you get correspond to those in this example.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.