PASSMASS(1)                                           PASSMASS(1)

NAME
       passmass - change password on multiple machines

SYNOPSIS
       passmass [ host1 host2 host3 ...  ]

INTRODUCTION
       Passmass  changes a password on multiple machines.  If you
       have accounts on several machines that do not share  pass-
       word  databases,  Passmass  can  help you keep them all in
       sync.  This, in turn, will make it easier to  change  them
       more frequently.

       When  Passmass runs, it asks you for the old and new pass-
       words.  (If you  are  changing  root  passwords  and  have
       equivalencing,  the  old  password  is not used and may be
       omitted.)

       Passmass understands the "usual" conventions.   Additional
       arguments  may  be used for tuning.  They affect all hosts
       which follow until another  argument  overrides  it.   For
       example,  if  you are known as "libes" on host1 and host2,
       but "don" on host3, you would say:

            passmass host1 host2 -user don host3

       Arguments are:

              -user
                  User  whose  password  will  be  changed.    By
                  default, the current user is used.

              -rlogin
                  Use rlogin to access host.  (default)

              -slogin
                  Use slogin to access host.

              -telnet
                  Use telnet to access host.

              -program

                  Next argument is taken as program to run to set
                  password.  Default is "passwd".   Other  common
                  choices  are "yppasswd" and "set passwd" (e.g.,
                  VMS hosts).  A program name such  as  "password
                  fred"  can  be  used  to create entries for new
                  accounts (when run as root).

              -prompt
                  Next argument is taken as a prompt suffix  pat-
                  tern.   This allows the script to know when the
                  shell is prompting.  The default is  "#  "  for
                  root and "% " for non-root accounts.

              -timeout
                  Next  argument is number of seconds to wait for
                  responses.  Default is 30 but some systems  can
                  be much slower logging in.

HOW TO USE
       The  best  way  to run Passmass is to put the command in a
       one-line shell script or alias.  Whenever you  get  a  new
       account on a new machine, add the appropriate arguments to
       the command.  Then run it whenever you want to change your
       passwords on all the hosts.

CAVEATS
       It  should be obvious that using the same password on mul-
       tiple hosts carries risks.  In particular, if the password
       can  be  stolen,  then  all  of your accounts are at risk.
       Thus, you should not use Passmass in situations where your
       password  is visible, such as across a network where hack-
       ers are known to eavesdrop.

       On the other hand, if you have enough accounts  with  dif-
       ferent  passwords,  you may end up writing them down some-
       where - and that can be a security problem.  Funny  story:
       my college roommate had an 11"x13" piece of paper on which
       he had listed accounts and passwords all across the Inter-
       net.   This was several years worth of careful work and he
       carried it with him everywhere he went.  Well one day,  he
       forgot  to  remove  it from his jeans, and we found a per-
       fectly blank sheet of paper when we took out the wash  the
       following day!

SEE ALSO
       "Exploring  Expect:  A  Tcl-Based  Toolkit  for Automating
       Interactive Programs" by Don Libes, O'Reilly  and  Associ-
       ates, January 1995.

AUTHOR
       Don Libes, National Institute of Standards and Technology

                          7 October 1993                        1