It appears you have a slight misunderstanding on indices, etc. Here's how I
would rewrite your code (I didn't test, but you seemed to have a spurious : and
the wrong slist indexing the wrong array (there is no mypasswd_user array, it
is the slist into the mypasswd_array array):
bundle agent passwords {
vars:
"admin_users" slist => { "tstusr1", "tstusr2", "tstusr3", "tstusr4" };
# Perl script /fixes/scripts/cfpasswd dumps the hashed password via function
getpwnam()
"admin_pass[$(admin_users)]" string => execresult("/fixes/scripts/cfpasswd
$(admin_users)","useshell");
"mypasswd" int =>
readstringarray("mypasswd_array","/var/cfengine/cache/cfsec_pass","#[\n]*","=",200,10000);
"mypasswd_user" slist => getindices("mypasswd_array"),
policy => "overridable";
reports:
aix::
"User: $(admin_users) has hashed password: $(admin_pass[$(admin_users)])";
"Found index $(mypasswd_array[$(mypasswd_user)][1])";
}
On Mar 3, 2011, at 10:30 AM, [email protected] wrote:
> Forum: Cfengine Help
> Subject: Please help with regex format
> Author: raymondcox
> Link to topic: https://cfengine.com/forum/read.php?3,20900,20900#msg-20900
>
> Hello,
>
> For the past few weeks off and on I have been trying to develop a
> solution to keep all of my LINUX and AIX passwords in sync. I had a partially
> working solution, but abandoned it because it required too much
> administrative overhead (manually updating hashed password values in a
> reference table).
>
> I found a very good solution on the forum to maintain the LINUX
> /etc/shadow file by making a copy of /etc/shadow on a reference system and
> using that copy to update all other LINUX systems.
>
> I would like to do the same thing with the /etc/security/passwd file
> in AIX, but I am having trouble figuring out how to pull just the password
> hash from the file to use to update other systems.
>
> One other solution I have considered using is a small Perl script to
> dump the password hash. I have had success in building an array of passwords
> for the users I wish to maintain, but I suspect the easier solution is to
> figure out the regex to parse the AIX password file.
>
>
> So far I have tried:
>
>
> bundle agent passwords {
> vars:
>
> "admin_users" slist => { "tstusr1", "tstusr2", "tstusr3", "tstusr4" };
> # Perl script /fixes/scripts/cfpasswd dumps the hashed password via function
> getpwnam()
> "admin_pass[$(admin_users)]" string => execresult("/fixes/scripts/cfpasswd
> $(admin_users)","useshell");
>
> "mypasswd" int =>
> readstringarray("mypasswd_array","/var/cfengine/cache/cfsec_pass","#[\n]*","=",200,10000);
> "mypasswd_user" slist => getindices("mypasswd_array"),
> policy => "overridable";
>
> reports:
>
> aix::
> "User: $(admin_users) has hashed password: $(admin_pass[$(admin_users)])";
> "Found index $(mypasswd_user[$(admin_users):][1])";
> }
>
>
> Which outputs:
>
>
> R: User: tstusr1 has hashed password: 36KlkpWN/VI7U
> R: User: tstusr2 has hashed password: 7f23WTTmyCHg6
> R: User: tstusr3 has hashed password: 6Xj8SCmOIx0LQ
> R: User: tstusr4 has hashed password: s/ftueLkQ8kyc
> R: Found index $(mypasswd_user[1])
> R: Found index $(mypasswd_user[1])
> R: Found index $(mypasswd_user[1])
> R: Found index $(mypasswd_user[1])
>
>
>
> I *think the readstringarray() and getindices() functions are the things I
> want to use, and I am assuming it is the regex that is holding me up.
>
> If I can just get the hashed password entry from the file I think the rest is
> pretty easy.
>
> Am I headed in the right direction, or is there a better solution
>
> The format of the entries in /etc/security/passwd are as follows:
>
>
> tstusr1:
> password = 36KlkpWN/VI7U
> lastupdate = 1299165605
> flags = ADMCHG
>
> tstusr2:
> password = 7f23WTTmyCHg6
> lastupdate = 1299165612
> flags = ADMCHG
>
> tstusr3:
> password = 6Xj8SCmOIx0LQ
> lastupdate = 1299165619
> flags = ADMCHG
>
> tstusr4:
> password = s/ftueLkQ8kyc
> lastupdate = 1299165626
> flags = ADMCHG
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
