Uniform Password Policy

2019‑05-28 Wander Boessenkool shadow , passwords , standarization , uniform

Run this one on a server with local accounts:

1

sed -ri 's/([^:]*):[^:]*:(.*)/\1:!!\2/' /etc/shadow

What it does

It locks out every account by setting a locked password, destroying the original password in the process.

Why it works

The -r options to sed enables extended regular expressions, the -i options edits inline.

The regular expression itself puts the username field in backreference 1, and everything after the password in backreference 2. It then changes the line to set the password to !!.

TL;DR

Working password logins
Happy users
Fun