Forum: Cfengine Help
Subject: Please help with regex format
Author: raymondcox
Link to topic: https://cfengine.com/forum/read.php?3,20900,20900#msg-20900
Hello,
For the past few weeks off and on I have been trying to develop a
solution to keep all of my LINUX and AIX passwords in sync. I had a partially
working solution, but abandoned it because it required too much administrative
overhead (manually updating hashed password values in a reference table).
I found a very good solution on the forum to maintain the LINUX
/etc/shadow file by making a copy of /etc/shadow on a reference system and
using that copy to update all other LINUX systems.
I would like to do the same thing with the /etc/security/passwd file in
AIX, but I am having trouble figuring out how to pull just the password hash
from the file to use to update other systems.
One other solution I have considered using is a small Perl script to
dump the password hash. I have had success in building an array of passwords
for the users I wish to maintain, but I suspect the easier solution is to
figure out the regex to parse the AIX password file.
So far I have tried:
bundle agent passwords {
  vars:
    "admin_users" slist => { "tstusr1", "tstusr2", "tstusr3", "tstusr4" };
    # Perl script /fixes/scripts/cfpasswd dumps the hashed password via function getpwnam()
    "admin_pass[$(admin_users)]" string => execresult("/fixes/scripts/cfpasswd $(admin_users)","useshell");
    "mypasswd" int => readstringarray("mypasswd_array","/var/cfengine/cache/cfsec_pass","#[\n]*","=",200,10000);
    "mypasswd_user" slist => getindices("mypasswd_array"),
      policy => "overridable";
  reports:
    aix::
      "User: $(admin_users) has hashed password: $(admin_pass[$(admin_users)])";
      "Found index $(mypasswd_user[$(admin_users):][1])";
}
Which outputs:
R: User: tstusr1 has hashed password: 36KlkpWN/VI7U
R: User: tstusr2 has hashed password: 7f23WTTmyCHg6
R: User: tstusr3 has hashed password: 6Xj8SCmOIx0LQ
R: User: tstusr4 has hashed password: s/ftueLkQ8kyc
R: Found index $(mypasswd_user[1])
R: Found index $(mypasswd_user[1])
R: Found index $(mypasswd_user[1])
R: Found index $(mypasswd_user[1])
I *think* the readstringarray() and getindices() functions are the things I want
to use, and I am assuming it is the regex that is holding me up.
If I can just get the hashed password entry from the file I think the rest is
pretty easy.
Am I headed in the right direction, or is there a better solution?
The format of the entries in /etc/security/passwd is as follows:
tstusr1:
        password = 36KlkpWN/VI7U
        lastupdate = 1299165605
        flags = ADMCHG
tstusr2:
        password = 7f23WTTmyCHg6
        lastupdate = 1299165612
        flags = ADMCHG
tstusr3:
        password = 6Xj8SCmOIx0LQ
        lastupdate = 1299165619
        flags = ADMCHG
tstusr4:
        password = s/ftueLkQ8kyc
        lastupdate = 1299165626
        flags = ADMCHG
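
The stanza parsing asked about above, as an added example that is not part of the original post: an awk state machine in POSIX shell that remembers the current stanza header and emits one user:hash line per password attribute, a flat form that a line-based reader with a single field separator can load. The function names aix_stanza_hashes and sample_stanzas and the tstusr5 stanza are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flatten AIX stanza entries
# into one "user:hash" line per user.

# aix_stanza_hashes FILE [USER...]
# Prints "user:hash" for every stanza in FILE, or only for the named users.
aix_stanza_hashes() {
    file=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        /^[ \t]*$/  { next }      # blank line
        /^[ \t]*\*/ { next }      # "*" starts a comment in AIX stanza files
        /^[^ \t:]+:[ \t]*$/ {     # stanza header, e.g. "tstusr1:"
            user = $0; sub(/:[ \t]*$/, "", user); next
        }
        user != "" && /^[ \t]*password[ \t]*=/ {
            hash = $0
            sub(/^[ \t]*password[ \t]*=[ \t]*/, "", hash)
            sub(/[ \t]+$/, "", hash)
            if (n == 0 || (user in keep)) print user ":" hash
        }
    ' "$file"
}

# Sample input: two stanzas from the post plus one constructed stanza
# (tstusr5) that has no password attribute and must produce no output.
sample_stanzas() {
    cat <<'EOF'
tstusr1:
        password = 36KlkpWN/VI7U
        lastupdate = 1299165605
        flags = ADMCHG
tstusr2:
        password = 7f23WTTmyCHg6
        lastupdate = 1299165612
        flags = ADMCHG
* constructed stanza for this example
tstusr5:
        lastupdate = 1299165700
EOF
}

# Demo: print the flattened entries for two of the managed users.
tmp=$(mktemp)
sample_stanzas > "$tmp"
aix_stanza_hashes "$tmp" tstusr1 tstusr2
rm -f "$tmp"
```

The output holds password hashes, so write it only to a file with the same root-only permissions as /etc/security/passwd.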