-2

Dear friends and colleagues,

Each half year we need to change the password on our Red Hat Linux servers,

and we have 8723 servers in our company!!!

Is it possible to automate changing the password each half year without our involvement?

Regarding the password and how we would know it: it is very simple, only one server out of all our servers will get this password, let's say in /var/pass/pass.txt

Is it a wonderful innovation?

jango

1 Answer

4

Honestly, with 8723 servers you should already have some automation and configuration management, and if you don't, this is a perfect use case to start introducing it. Resetting local (root) passwords is fairly trivial to automate with tools like Puppet, Chef, Ansible, Red Hat Satellite etc.


Alternatives:

  1. Replace local (management) accounts with centralised authentication in the form of LDAP, FreeIPA, RADIUS or even AD. That results in only a single place where to enforce password policies and/or reset passwords for your admins and users.

  2. Configure sudo with access rights based on group membership and nobody needs to know or use the actual root password(s) anymore, negating the need both to set a valid/known root password and to ever change that password.

  3. In the rare cases that you would need actual root access you can boot in single user mode or from a rescue image (or follow the RHEL7 root password recovery procedure).

  4. If you do need valid root passwords, look into privileged password management software, which automates securely storing passwords and controlling access to them. Typically such a system will also periodically reset privileged account passwords, and after an admin was granted access to a system such software will also reset the password again, to deny the admin future access.

HBruijn
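Alternative 2 from the answer above, sketched as an Ansible playbook. This is an added example, not part of the original answer; the inventory group `rhel_servers`, the admin group `sysadmins` and the drop-in file name `10-sysadmins` are assumed names. It validates the sudoers file before installing it and refuses to lock root on a host where the admin group has no members.

```yaml
# Added example, not from the original answer. Assumed names: inventory group
# "rhel_servers", admin group "sysadmins", drop-in file "10-sysadmins".
- name: Grant root via sudo group membership and lock the root password
  hosts: rhel_servers
  become: true
  vars:
    admin_group: sysadmins
  tasks:
    - name: Ensure the admin group exists
      ansible.builtin.group:
        name: "{{ admin_group }}"
        state: present

    - name: Install sudoers drop-in, refusing any file visudo rejects
      ansible.builtin.copy:
        dest: /etc/sudoers.d/10-sysadmins
        content: "%{{ admin_group }} ALL=(ALL) ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Read the group's current members through NSS (local or LDAP)
      ansible.builtin.getent:
        database: group
        key: "{{ admin_group }}"

    # getent_group[<name>] is [password, gid, members]; members is a
    # comma-separated string that is empty when the group has nobody in it.
    - name: Stop before locking root if nobody could use sudo afterwards
      ansible.builtin.assert:
        that:
          - ansible_facts.getent_group[admin_group][2] | length > 0
        fail_msg: "{{ admin_group }} has no members on {{ inventory_hostname }}"

    - name: Lock the root password so there is nothing left to rotate
      ansible.builtin.user:
        name: root
        password_lock: true
```

Running it with `--check --diff` against a small batch of hosts first shows what would change before it is applied to the whole fleet.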