How do you change a user password in a script with busybox and openssl?

Question

I need to synchronize a user account and password to an external source on a system with busybox and openssl installed. When the external source tells my system to update credentials, how do I change the user's password in a script? I will have the password in plain text.

This has to be automated, and from what I can tell busybox passwd is interactive and I don't particularly want to write an expect-type script for passwd if that's even possible. It looks like openssl can generate password hashes (openssl passwd -1 -salt "abcdefgh" {password}), but will I have to modify /etc/shadow directly?

Busybox has these commands available.

Answer 1

Does the system have usermod on it? I believe it comes with Shadow. If so, you can do usermod -p PASSWORD LOGIN with the encrypted password.

Answer 2

You can write a small script like this to update the password. Put the following text in a file and execute it. It will change your password.

#!/bin/sh
passwd << EOF
<old password>
<new password>
<new password>
EOF

Answer 3

Turns out current versions of busybox have chpasswd (source code). chpasswd takes a colon-delimited pair username:password on stdin. I don't know whether I can update the busybox on my system, but I'll leave this answer in case someone else comes looking.

From the busybox documentation:

chpasswd
chpasswd [--md5|--encrypted]

Read user:password from stdin and update /etc/passwd

Options:

        -e,--encrypted  Supplied passwords are in encrypted form
        -m,--md5        Use MD5 encryption instead of DES