Changing Masses of Passwords

As part of your routine security policy, you would like to periodically be able to easily change batches of passwords. Or your network may have been compromised, so you want to change all the passwords yourself and not leave it up to your users.

Use the mass_passwd script. It lets you select batches of users in three different ways:

# mass_passwd

# mass_passwd -g

# mass_passwd -a

The first method uses a simple space-delimited list of logins.

The second method changes the passwords of users belonging to the named groups.

The third method changes every password in /etc/passwd.

Then mass_passwd generates a separate file for each user, containing their new login names and passwords and whatever instructions or policies you choose to include. This is designed to make it easy to print a separate instruction sheet for each user.

You may do a dry run with the -n flag:

# ./mass_passwd -v -g -n usergroup
generating password for dawns…..teivuphu
generating password for nikitah…..kohfahsh
2 password(s) reset – see /root/mass_passwds/mass_passwd.log

No passwords are changed; this just lets you test-drive your options before committing to any changes.