I had a request to create a script that would allow users to reset a password, but the password needed to be randomly generated and at least 16 characters long.

 

We have already enabled longer passwords in AIX and updated the password algorithm to ssha512.

chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha512

 

As all the AIX systems (and other UNIX) have openssl installed, to avoid installing any other tools, we will use openssl.

 

Generate a 16 character password.

/usr/bin/openssl rand -base64 16

b4all5h6+sLvYh1TPl13yw==

 

Now putting that in to a script is very easy.  First we generate the password, and remove any $ symbols, as these would be interated by the shell as variables, then display the password to the user and final using chpasswd we can apply the new random password to username.

 

NEWPASS=$( /usr/bin/openssl rand -base64 16 | tr -d "$" )

print -- ${NEWPASS}

print -- username:${NEWPASS} | /usr/bin/chpasswd