Password Change Examples
- Have a credential created.
Change Domain Credential
Go to Executions ➔ Settings ➔ templates and either create a new template or copy the "AD - Change User Password" template.
In the execution template, select the LDAP executor and set Execution type to Change password.
In this example, the template changes the password of the senhaADM user. In the content field, add:
# Protocol Version
set-option LDAP_OPT_PROTOCOL_VERSION 3
set-option LDAP_OPT_REFERRALS 3
# Execute Bind
bind "cn=[#AUTH_USER#],CN=Users,DC=senhasegura,DC=com"
# Locate User Entry
find "DC=senhasegura,DC=com" (&(objectClass=user)(sAMAccountName=[#USERNAME#]))
# Change Password
mod-replace unicodePwd "u([#NEW_PASSWORD#])"
Note: in the bind line, replace CN=Users,DC=senhasegura,DC=com with the DN (distinguished name) where the credential that will execute the change exists.
In the find line, replace "DC=senhasegura,DC=com" with the DN (distinguished name) where the senhaADM credential exists.
Go to the credential that will be changed in PAM Core ➔ Credentials ➔ All and click edit.
Go to the Execution Settings tab, enable the automatic change, select LDAP as the change plugin, and set the template to the one created in the previous steps.
In the Authentication settings, define whether the change will be done through the credential itself or through another service user credential.
From now on, whenever one of the triggers is activated, the password of this credential will be changed.
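The values behind the bind, find and mod-replace lines of the LDAP template, as an added Python example (not senhasegura code). It assumes the template's u(...) wrapper produces the quoted UTF-16LE value that Active Directory requires for unicodePwd; the function names and sample values are hypothetical.

```python
import base64

USERS_DN = "CN=Users,DC=senhasegura,DC=com"   # bind container from the page
BASE_DN = "DC=senhasegura,DC=com"             # search base from the page

def escape_filter(value):
    """RFC 4515: hex-escape characters that would alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_rdn(value):
    """RFC 4514: escape characters that would alter the DN structure."""
    out = []
    for i, c in enumerate(value):
        edge = (i == 0 and c in " #") or (i == len(value) - 1 and c == " ")
        if c == "\x00":
            out.append("\\00")
        elif c in ',+"\\<>;' or edge:
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def encode_unicode_pwd(password):
    """AD accepts unicodePwd writes as the password in double quotes, UTF-16LE.
    AD also rejects the write unless the connection is encrypted (LDAPS/StartTLS)."""
    return ('"%s"' % password).encode("utf-16-le")

def build_change(auth_user, username, new_password):
    """Values for the bind, find and mod-replace steps of the template."""
    return {
        "bind_dn": "cn=%s,%s" % (escape_rdn(auth_user), USERS_DN),
        "search_base": BASE_DN,
        "filter": "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter(username),
        "unicodePwd": encode_unicode_pwd(new_password),
    }

def to_ldif(entry_dn, pwd_bytes):
    """Render the replace as LDIF; binary values are base64 ('::')."""
    b64 = base64.b64encode(pwd_bytes).decode("ascii")
    return "dn: %s\nchangetype: modify\nreplace: unicodePwd\nunicodePwd:: %s\n-\n" % (entry_dn, b64)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    change = build_change("svc_pam", "senhaADM", "Ab1!")
    print(change["bind_dn"])
    print(change["filter"])
    print(to_ldif("CN=senhaADM," + USERS_DN, change["unicodePwd"]))
```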
Change Linux User
Go to Executions ➔ Settings ➔ templates and either create a new template or copy the "Change Password" template, which is used in this example.
senhasegura already provides four templates for changing passwords in Linux environments:
- Own Password
- Password
- Password As Root
- Password Change via Sudoers
Choose the one that best fits your purpose.
In the execution template, select the SSH executor and set Execution type to Change password.
In this example, the template changes the password of the senhaADM user. In the content field, add:
# Define English as default language
expect-regex "/[$|#|>]/"
exec "export LC_ALL=C"
# Clear sudo session
expect-regex "/[$|#|>]/"
exec "sudo -k"
# Execute password change
expect-regex "/[$|#|>]/"
exec "sudo passwd -r files [#USERNAME#]"
# Set new password
expect "*password:"
exec "[#NEW_PASSWORD#]"
# Confirm new password
expect "*password:"
exec "[#NEW_PASSWORD#]"
# Confirm password change
expect "*successfully"
# Exit
expect-regex "/[$|#|>]/"
exec "exit"
end
Now go to the credential that will be changed in PAM Core ➔ Credentials ➔ All and click edit.
Go to the Execution Settings tab, enable the automatic change, select SSH as the change plugin, and choose the template created in the previous steps.
In the Authentication settings, define whether the change will be done through the credential itself or through another service user credential.
From now on, whenever one of the triggers is activated, the password of this credential will be changed.