Voir : http://www.thegeekstuff.com/2010/10/expect-examples/
#! /usr/bin/expect set timeout 10 spawn cadaver -p 192.168.56.1:3128 https://www.acme.fr/ expect "Do you wish to accept the certificate? (y/n)" send "y\n" interact
Ou dans un script bash
Exemple
#!/bin/bash # Get password from PAM read password # A few files we use to save and validate the results SHADFILE=/root/newshadow LOGFILE=/root/convpass.log # Let's see if the user has been converted already # The username is provided as an environment variable. CHECK=$(grep ^$PAM_USER $SHADFILE) if [ "x$CHECK" == "x" ]; then # The user has not been migrated already # # First, we need to validate that the provided password # is the correct one. # Since this script is run for ALL password-attempts, and # before the user is actually logged in, any brute force attack, # or wrong password entered by the user will also be sent to the # script. So we can't just blindly accept whatever password # is provided here. We try do a "su" to the provided user # with the provided password, using "expect", if the su succeds # the password is correct. But since su will succeed without a # password for root, we need to sudo the su command as an # unprivileged user - in this case the user "nobody" # # since we use expect inside a bash-script, # we have to escape tcl-$. expect << EOF spawn sudo -u nobody su "$PAM_USER" -c "exit" expect "Password:" send "$password\r" set wait_result [wait] # check if it is an OS error or a return code from our command # index 2 should be -1 for OS erro, 0 for command return code if {[lindex \$wait_result 2] == 0} { exit [lindex \$wait_result 3] } else { exit 1 } EOF # So if the expect-script returns 0, the su succeeded # and we can continue if [ $? == 0 ]; then echo "Password for user $PAM_USER is correct" >> $LOGFILE # Generate a new sha512 hash of the provided password: S512=$(echo "$password" | openssl passwd -6 -stdin) # Here, I simply generate a new shadow-file to replace the # old one later. # But if you need to push this to LDAP, you can of course # easily generate an ldif or whatever. echo "$PAM_USER:$S512:18000:0:99999:7:::" >> $SHADFILE exit 0 fi echo "Password for user $PAM_USER is incorrect" >> $LOGFILE fi # We return a non 0 exit status just in case, # but see the note for pam_exec below exit 1
Source : https://olathoresen.medium.com/linux-users-password-migration-b6bc4fab267d