From: Smith, E. (IT T. OPS) <ES...@at...> - 2008-04-17 15:54:03
Hi,

I am hoping you can shed some light on my issue. I am writing a script to manage passwords in a large environment and have come across a strange situation. The code I have works fine for Linux, AIX and Sun if one is simply changing a password.

The issue occurs when one is forced to change a password - specifically in AIX if a user's password has been changed by root and the ADMCHG flag is set in /etc/security/passwd. When this occurs I have to send each password twice. If I am just setting the password normally I only have to send it once.

Below is an excerpt from the script. I have run this with debug up and all the correct events seem to occur. Let me know if you want me to post the debug info. The $EXPIRED is a global set on login when the expired password is detected. This code runs fine but it's disconcerting that I have to send each password twice when it's expired.

Any insight would be most appreciated.

Thanks,
Ed

code:

    sub change_password {
        my $exp     = shift;    # Expect object for the open session
        my $old_pwd = shift;
        my $new_pwd = shift;
        my $rc      = 1;        # 1 = failure, 0 = success
        my $cmd     = "passwd";
        $cmd = "passwd -r files" if $OS =~ /SunOS/;

        # On an expired login the system starts the password dialog itself,
        # so the command is only sent for a normal change.
        if (!$EXPIRED) {
            $exp->send("$cmd\n");
        }

        $exp->expect($ENV{TIMEOUT},
            # Rejected password or PAM failure: report and stop.
            [ qr/.*BAD PASSWORD.*$|Authentication token manipulation error.*$/,
              sub {
                  my $self = shift;
                  print "ERROR:set_user_password:".__LINE__.":".($self->match())."\n";
              } ],
            # New-password prompt: sent twice when $EXPIRED is set.
            [ qr/New password:|New.*password:/i,
              sub {
                  my $self = shift;
                  $self->send($new_pwd,"\n") if $EXPIRED;
                  $self->send($new_pwd,"\n");
                  exp_continue;
              } ],
            # Confirmation prompt ("... again:"): sent twice when $EXPIRED is set.
            [ qr/gain:/i,
              sub {
                  my $self = shift;
                  $self->send($new_pwd,"\n") if $EXPIRED;
                  $self->send($new_pwd,"\n");
                  exp_continue;
              } ],
            # Any other "password:" prompt is taken as the old-password prompt.
            [ qr/password:\s?$/i,
              sub {
                  my $self = shift;
                  $self->send("$old_pwd\n") if $EXPIRED;
                  $self->send("$old_pwd\n");
                  exp_continue;
              } ],
            # Shell prompt is back: the change succeeded.
            [ qr/$ENV{PROMPT}/,
              sub {
                  my $self = shift;
                  if ($DEBUG > 0) {
                      my $foo = $self->before();
                      $foo .= $self->match();
                      print "--> PROMPT FOUND [".$foo."]\n";
                  }
                  $rc = 0;
                  # Prints the new password in clear text.
                  print "----[ password >$new_pwd< set ]---\n";
              } ],
            # Session closed after an expired-password reset: also success.
            [ qr/Connection to.*closed/i,
              sub {
                  print "sucess:".__LINE__.": expired pw reset\n" if $DEBUG>0;
                  $rc = 0;
              } ],
            # Login or change refused; prints the old password in clear text.
            [ qr/Permission denied/i,
              sub {
                  print "password change failed[$old_pwd]\n" if $DEBUG>0;
              } ]
        );
        return $rc;
    }

____________________________________________________________________________
Real Time, adj. Here and now as opposed to fake time which only occurs there and then.