I have a project which requires me to make a script / sequence of commands to change the root password on a CentOS 7 installation.
I can assume the user that will be executing the script is already root.
Currently, I'm using the following, and getting a success message:
[root@localhost]# echo -e ‘password\npassword’ | (passwd --stdin root)
Changing password for user root.
passwd: all authentication tokens updated successfully.
However, this doesn't actually change the password. Upon further inspection (manually setting the password), I notice the password "password" fails a dictionary check, but still reports success at the end:
[root@localhost]# passwd
Changing password for user root.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
One possible solution is to try hashing the given password based on the method and salt provided in /etc/shadow, but I would like to avoid an overly complicated solution. I could also check whether the value in /etc/shadow actually changed, but that ignores the case in which the password is set to what it already was, which I would like to support.
Does anyone have a suggestion on trying to validate the password before actually setting it, or, preferably, getting the FULL output from passwd?
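One way to validate before setting, as an added example that is not part of the original post: it runs the candidate through pwscore (shipped with libpwquality, the library behind the "BAD PASSWORD" message) and calls chpasswd only if the check passes. The function name set_password_checked and its return codes are hypothetical, and it assumes pwscore is installed and the caller is root.

```shell
#!/bin/sh
# Added example, not from the original post.
# set_password_checked USER PASSWORD   (hypothetical helper)
#   return 0: password passed the quality check and was set
#   return 2: password rejected by pwscore, nothing was changed
#   return 3: chpasswd failed
set_password_checked() {
    user=$1
    pw=$2

    # pwscore reads the candidate from stdin and applies the libpwquality
    # settings in /etc/security/pwquality.conf. On success it prints a
    # score from 0 to 100; on rejection it prints the reason (for example
    # the dictionary-check message) and exits non-zero.
    if ! report=$(printf '%s\n' "$pw" | pwscore "$user" 2>&1); then
        printf 'rejected: %s\n' "$report" >&2
        return 2
    fi

    # chpasswd takes "user:password" lines on stdin, so the password is
    # fed through a pipe rather than through an interactive prompt.
    if ! printf '%s:%s\n' "$user" "$pw" | chpasswd; then
        printf 'chpasswd failed for %s\n' "$user" >&2
        return 3
    fi

    printf 'accepted (quality score %s)\n' "$report"
}
```

Because the quality check is a separate step with its own exit status, the caller gets the full rejection reason on stderr and can tell "rejected" apart from "set", including when the new password equals the old one.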