linux_wiki:freeipa_user_password_reset


linux_wiki:freeipa_user_password_reset [2016/11/26 22:54]
127.0.0.1 external edit
linux_wiki:freeipa_user_password_reset [2019/05/25 23:50]
Line 1: Line 1:
-====== FreeIPA Password Reset ====== 
- 
-**General Information** 
- 
-Script that sets an IPA account to a random string and e-mails it to the user with instructions for setting a new password. 
- 
-**Checklist** 
-  * Distro(s):Enterprise Linux 6/7 
-  * Other: [[http://www.unixmen.com/configure-freeipa-server-centos-7/|FreeIPA Server Installed]] (script runs there) 
- 
----- 
- 
-====== The Script ====== 
- 
-Run this script from your FreeIPA server 
-<code bash user-password-reset.sh> 
-#!/bin/bash 
-# Name: user-password-reset.sh 
-# Description: Reset a user's password to something random and e-mail them. 
-# Last Updated: 2016-11-02 
-# Recent Changes:-Added ipa user-unlock to reset steps 
-#                -Added argument support for help and username passing 
-############################################################################################### 
- 
-##### Customize These Variables ##### 
-# admin credentials 
-admin_user="admin" 
- 
-# system admins email 
-system_admins_email="sysadmins@example.com" 
- 
-# self-service portal URL 
-self_service_portal="https://ipaserver.example.com/ipa/ui/" 
- 
-# Temp file for e-mail message 
-pass_reset_email="/root/ldap-scripts/tmp/user-password-reset_email" 
-##### End of Customize Variables ##### 
- 
-#===================================== 
-# Functions; Main starts after 
-#===================================== 
-function show_usage 
-{ 
-  echo -e "\n==== IPA: User Password Reset ====" 
-  echo -e "\nDescripton: Reset a user's password to something random, enable the account and e-mail them." 
-  echo -e "\n--Usage--" 
-  echo -e "./user-password-reset.sh [OPTIONS]" 
-  echo -e "\n-OPTIONS-" 
-  echo -e "-h                    => Display usage." 
-  echo -e "-u username           => Username to reset." 
-  echo -e "\n--Other Requirements--" 
-  echo -e "-> FreeIPA admin access." 
-  echo -e 
-} 
- 
-#======================= 
-# Get Script Arguments 
-#======================= 
-# Reset POSIX variable in case it has been used previously in this shell 
-OPTIND=1 
- 
-while getopts "hu:" opt; do 
-  case "${opt}" in 
-    h) # -h (help) argument 
-      show_usage 
-      exit 0 
-    ;; 
-    u) # -u (username) argument 
-      username="${OPTARG}" 
-    ;; 
-    *) # invalid argument 
-      show_usage 
-      exit 0 
-    ;; 
-  esac 
-done 
- 
-#================== 
-# Main Starts Here 
-#================== 
- 
-# Pre-check - see if we have a kerberos ticket, if not, prompt login 
-/usr/bin/klist -s 
-if [[ $? -ne 0 ]]; then 
-  echo ">>No kerberos ticket found for (${admin_user}), login as ${admin_user} now:" 
-  /usr/bin/kinit ${admin_user} 
-  echo 
-fi 
- 
-echo -e "======================================================" 
-echo -e "####============ IPA: Password Reset =============####" 
-echo -e "======================================================" 
-echo 
-echo -e "This script will set a user's password to something random and e-mail it to them.\n" 
- 
-## If no username argument password, prompt for username 
-if [[ -z "${username}" ]]; then 
-  echo -en "=>Username: " 
-  read username 
-  echo 
-fi 
- 
-## Show user info and prompt to reset 
-/usr/bin/ipa user-show ${username} 
-echo -e "\n=>Generate a new random password for ${username}?[y/n]:\c" 
-read reset_password 
- 
-if [[ ${reset_password} != "y" ]]; then 
-  echo -e "\n>>Will not reset password for ${username}. Exiting..." 
-  exit 1 
-fi 
- 
-## Ensure account is enabled 
-echo -e "\n>>Ensuring account is enabled..." 
-/usr/bin/ipa user-enable ${username} 
- 
-## Ensure account is unlocked 
-echo -e "\n>>Ensuring account is unlocked..." 
-/usr/bin/ipa user-unlock ${username} 
- 
-## Generate a random password, get user's e-mail address and first name 
-echo -e "\n>>Setting a random password for ${username}..." 
-random_password="$(/usr/bin/ipa user-mod ${username} --random | grep "Random password" | awk '{print $3}')" 
- 
-## Gather first name and email address 
-name_email="$(/usr/bin/ipa user-show ${username} | grep -E "(First name|Email address)" | awk '{print $3}')" 
-first_name="$(echo $name_email | awk '{print $1}')" 
-email_address="$(echo $name_email | awk '{print $2}')" 
- 
-## Create password reset e-mail file to send user 
-echo "${first_name}," > ${pass_reset_email} 
-echo -e "\nHere is your new temporary password for your Linux account (${username}): \n" >> ${pass_reset_email} 
-echo ${random_password} >> ${pass_reset_email} 
- 
-echo -e "\nLogin with the above temporary password to one of the systems that you have access to." >> ${pass_reset_email} 
- 
-echo -e "\nAlternatively, login to the self-service portal: ${self_service_portal}" >> ${pass_reset_email} 
-  
-echo -e "\nAfter you login with the above temporary password, you will be prompted to change it." >> ${pass_reset_email} 
- 
-echo -e "\nYour new password requirements are:" >> ${pass_reset_email} 
-echo ">At least 12 characters in length" >> ${pass_reset_email} 
-echo ">At least 3 types of characters from the following categories:" >> ${pass_reset_email} 
-echo "--Upper case letters" >> ${pass_reset_email} 
-echo "--Lower case letters" >> ${pass_reset_email} 
-echo "--Numbers" >> ${pass_reset_email} 
-echo "--Special Characters" >> ${pass_reset_email} 
- 
-echo -e "\nIf you have any questions, please contact your System Administrators." >> ${pass_reset_email} 
-echo -e "\n----\nSystem Administrators" >> ${pass_reset_email} 
-echo "${system_admins_email}" >> ${pass_reset_email} 
- 
-## E-mail User the random password with login instructions 
-echo -e "\n>>E-mailing ${email_address} the contents of (${pass_reset_email})..." 
-/usr/bin/mail -s "Linux Password Reset" -r ${system_admins_email} ${email_address} < ${pass_reset_email} 
- 
-echo -e "\n>>Clearing out contents of temporary file (${pass_reset_email})..." 
-cat /dev/null > ${pass_reset_email} 
- 
-echo -e "\n===========================================================" 
-echo -e "####========== User Password Reset Complete ===========####" 
-echo -e "===========================================================" 
-</code> 
- 
----- 
  
  • linux_wiki/freeipa_user_password_reset.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)