AIX : Quick script to reset account using ssh

I know this is bread-and-butter AIX admin stuff, but recorded here for quick reference.

I am assuming the server you are running this from has password-less ssh access to the remote target server, here is a quick script to do an AIX user account reset and change of password to something random.

The password set will be logged in this case to /home/troyski/reset-user.sh.log so you can advise the user.

It also checks the target user is not authenticated via AD first.

# Quick script to reset a user account
 
# Declare vars
progname=reset-user.sh
logfile=/home/troyski/${progname}.log
user=$1
node=$2
 
# Declare funcs
gen_password()
{
pass=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | openssl base64 | sed "s/[=O/\]//g" | cut -b1-8)
}
 
syntax()
{
logmsg "Syntax : $progname [username] [target server]"
exit 1
}
 
logmsg()
{
message=$1
echo "$(date) : $message" | tee -a $logfile
}
 
 
# Script starts here
logmsg ===========================================
logmsg Started
[[ $# -lt 2 || $# -gt 2 ]] && syntax
 
# Ping the target server to make sure it's alive & if it does check the user exists
ssh $node "lsuser $user" >/dev/null 2>&1
RC=$?
case $RC in
        255)    # Host did not resolve
                        logmsg "$node not found"
                        exit 2
                        ;;
        2)              # User did not exist
                        logmsg "$user does not exist on $node"
                        exit 3
                        ;;
        0)              # User and host ok
                        ;;
        *)              # Unhandled error
                        logmsg "Unhandled error : $RC"
                        exit 4
                        ;;
esac
 
# Check the user isn't auth via LDAP
check=$(ssh $node "lsuser -a registry $user")
if [[ "$check" = "$user registry=KRB5files" || "$check" = "$user registry=KRB5Afiles" ]];then
        logmsg "This user auth is AD so I can't reset the password on $node"
        exit 5
fi
 
# Reset the password to a random one and log it
gen_password
ssh $node "chuser unsuccessful_login_count=0 $user"
ssh $node "chuser login=true $user"
ssh $node "echo \"${user}:${pass}\" | chpasswd"
logmsg "Reset $user on $node to $pass"
logmsg Finished

About

I'm a freelance UNIX engineer working in the UK. I'm married to Tina and between us we have six children. I'm a bit of an Apple fan boy, and all the Windows machines in the house are a thing of the past now.

%d bloggers like this: