i'm wondering of an easy way to automate a password change for the admin accounts on a number of machines. I know that this is controlled in the NetInfo database, however I am unsure how to do this.
I think (but am far from certain about this) that for passwords the standard UNIX CLI tools may be used (i.e. instead of NetInfo). I say this because i don't think NetInfo changes the way passwords are stored or handled, unlike DNS and other NetInfo related items. If this is true, then you have the option of using either shell scripts, or an AppleScript (which can call shell commands).
Be all that as it may, you may want to rethink your password strategy. While you often hear the mantra "change passwords frequently," that's not necessarily the best nor most secure advice. As regards security and passwords, the two most important factors are difficulty of cracking/guessing, and secrecy.
The rationale for changing passwords frequently is the assumption that your password may have been compromised by an onlooker overseeing it typed it in, or it was told to someone. The downside to this policy is that it encourages people to choose simple, easy to remember passwords (i.e.: easily cracked passwords, and easily remembered if overseen). Choosing a difficult to crack password, and teaching people not to give up their passwords through social engineering, probably does more to secure passwords than frequently changing them.
A difficult to crack password should
not conisist of a word (or combination of words) in
any dictionary in
any language, and it should contain at least 3 non-alphanumeric characters, such as punctuation marks. Ideally it should contain more than 8 characters (if possible). While such a password might seem difficult to remember, one can create mnemonics to remember such a password (e.g. taking the first letter of each word in an easily remembered sentence.)
A hardened password such as this, which is rarely changed, is likely more secure than any simple password (e.g. a word from the dictionary, a name, a birth date, an address, or any of the previous backwards, etc.). Of course
any password is compromised if it is given up by social engineering.
SSH is set up so that remote access is not a problem.
Hopefully you're using public key pairs for authentication, and have turned
off password access for SSH. This is the most secure way to configure an SSH server (as public key pairs are orders of magnitude more secure than even hardened passwords; also, a
single compromised password could compromise the entire machine accepting SSH connections). You may optionally password protect the private key, for added security (this is only useful in the event your private key is ever stolen, however).
Top