Welcome to the MacNN Forums.

jmatero · Jul 14, 2004, 11:07 AM

I'm in a bit of a bind...

I'm a system admin and was wondering if there is any way to "push out" a password change (admin/root) on a large scale.

In other words, we have 100+ Macs.... in the event the password for either ADMIN or ROOT (local accounts) is compromised, is there a way to change these passwords without having to go to EACH and EVERY desktop? A script of some kind?

thanks

gorickey · Jul 14, 2004, 02:30 PM

Not entirely sure, but I believe Apple Remote Desktop could help you get this done in a rather painless process...

hayesk · Jul 14, 2004, 02:48 PM

Are all of these machines always on the network? If so, then why not have them authenticate through the server?

wadesworld · Jul 14, 2004, 10:22 PM

Sure, it could easily be done with an expect script. Probably take about 10 minutes for an experienced system admin to write.

Unless you get into central directories, such a script would be necessary on any other type of Unix system too.

Wade

wadesworld · Jul 14, 2004, 10:23 PM

BTW, why is root enabled on the machines? It should be left disabled - there's no reason to enable it.

Wade

ginoledesma · Jul 15, 2004, 12:24 AM

The sysad team I used to work with before implemented something very similar -- we used SSH keybased authentication of the "central" server to do passwordless login. The script on the central server would run, login to the target server, issue the command to change the password, and then logout. Used bash for this.