Guys, I wanna do this. I have to create a batch of users and I dont want to create each manually. I would like to write a script that creates user accounts from the info in a file. Till here, I am fine. I also would like to integrate creating an initial password based on the info in the file. I can create a password for each user id. But i dont want my script to stop for every user and prompt for password. I would like to pass the value I have for in a variable as the password. How do I do this? Urgent!! Your help is appreciated.

The way I do this is by modifying the /etc/passwd file directly (Works fine on every Unix I know...) The only problem is that you have to modify (via sed) the line of your new user, and that tou have to put an encrypted password. To do so, I've created a small C program that uses the "crypt" function, and which crypts the password which i can then write into the /etc/passwd. Hope this could help... Xavier

In Solaris /etc/shadow file contains the encrypted string (13 chars) which is called password. Are you sure that the password is stored in /etc/passwd?

Sorry, i've forgotten this #@!&@ /etc/shadow file. But I'm quite sure (Let me say 99%) that u can put the passwd in /etc/passwd whether you don't put anything in the /etc/shadow. The OS looks first in the /etc/shadow, and then in the /etc/passwd... We've done such things here, to automatically change some passwords.

Thanks, I got that to working using shell script and expect.

The following paragraph is taken from “ Extending Authentication in the Solaris ™ 9 Operating Environment Using Pluggable Authentication Modules (PAM)” - A Technical White Paper, 2002 SUN Microsystems inc. -------------- How UNIX ® Passwords Work Passwords are created with the Solaris OE passwd command. This command prompts for a (new) password, which the user enters as a text string. In previous versions of the Solaris OE, this text string is then hashed — or one--way encrypted — using the crypt((3c)algorithm. The result is stored either in /etc/shadow or in the passwd.byname and passwd.byuid NIS maps. If the NIS+ naming service is used, the results are stored in the Passwd and Cred table type. The crypt (3c) algorithm is provided with a random seed, known as a salt string , so that the result will be different each time the passwd command is run, even if the same text string is used. When a user logs in, the Solaris login program challenges that user to provide a password. This password is hashed in the same manner as the passwd command. If the output from this process matches the output stored in the password database, the user is considered to have been authenticated. -------------- PAM Module (Unix Authentication) pam_ sm_ authenticate() { pamh-> conversation(); /* prompt for user name */ getpwnam(); /* check to see if user name valid */ getspnam(); /* obtain encrypted password */ pamh-> conversation(); /* prompt for password */ crypt(); /* compare passwords */ if (password incorrect) return (PAM_ AUTH_ ERR); else return (PAM_ SUCCESS); } -------------- Hi Xavier, you wrote “The OS looks first in the /etc/shadow, and then in the /etc/passwd”. If we look at the above SUN’s article, we find that encrypted password is stored either in /etc/shadow or in the passwd.byname and passwd.byuid NIS maps and at the time of user login, that encrypted passwd is obtained by getspnam() function. It is very clear that for Unix authentication, the authentication module does not look in the /etc/passwd file, it looks in the shadow database of active name service such as /etc/shadow for local name service. If we put password string in /etc/passwd file in place of X(2nd field) and leave the encrypted string placeholder (2nd field) in /etc/shadow file empty and try to login, the effect will be same as keep the password string as “cleared until first login”. But at that stage, if we execute pwconv command, it will replace the 2nd field of /etc/shadow with that password string and replace the string in /etc/password with x. That is what my poor understanding at this moment. I would appreciate if you explain little more so that we all learn together.