As explained on the website, SHIPS provides "unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts".

As a proof of concept, I tested how to:

  • set up a SHIPS server on CentOS 7
  • configure SHIPS folders and ACLs for devices
  • run SetAdminPass.sh on a Linux client for password rotation

Note that I simplified this test, so the following was true:

  • No LDAP enabled for user logins to the web interface (no identLDAP.rb).
  • Devices were not tested as belonging to an LDAP OU (only the devicevalidatorany.rb lib was used).
  • Ansible was used as much as possible to prepare the SHIPS server.
  • A self-signed certificate means the client SetAdminPass.sh script needs curl's --insecure option to work at all.
  • I did not try to autostart the SHIPS code on server reboot.

Suffice it to say, you were warned: this is not a secure or correct way to run SHIPS; it is a way to test the basics!

The final run, after the Ansible playbook was ironed out, looked like this:

Download and unzip my file containing the Ansible playbook ships.yml plus the conf, ships.cert and ships.key files into /usr/src/ships-playbook. Update the conf file with the correct IP address.

```
# yum install ansible -y
# cd /usr/src/ships-playbook/
[root@ships ships-playbook]# rm -rf /opt/SHIPS ; ansible-playbook ships.yml

# cd /opt/SHIPS
[root@ships SHIPS]# ruby -r ./lib/identsqlite -r ./lib/identdevice -r ./lib/devicevalidatorany SHIPS.rb
```

- *From the Ansible output above, capture the password for the SHIPS administrator user named root. Visit https://ip.addr.ess and log in as root with that password.*
- For folder and ACL configuration, watch the relevant section of the video located at https://www.trustedsec.com/2016/03/ships-version-2-released-major-release/
- I made some changes to the client SetAdminPass.sh script, as shown below.

```
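# Excerpts of the lines changed in SetAdminPass.sh (not the whole script)

# SHIPS server password endpoint
URL='https://192.168.1.98/password'
#URL_OPTS=""

# Skips TLS certificate verification; used only because of the self-signed test certificate
#CURL_OPTS=''
CURL_OPTS='--insecure ' #DON'T DO THIS!

HISTORY='/var/run/SHIPS.HIST'

# Request with the URL_OPTS part dropped; HOST and NONCE are set by the rest of the script
#RESPONSE=$( curl $CURL_OPTS -s "$URL?$URL_OPTSname=$HOST&nonce=$NONCE" )
RESPONSE=$( curl $CURL_OPTS -s "$URL?name=$HOST&nonce=$NONCE" )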
```
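
A safer alternative to the `--insecure` setting shown above, as an added example that is not part of SHIPS or of the original test: trust only a copy of the server's self-signed ships.cert through curl's `--cacert`, and check a client script for a leftover `--insecure` or `-k` before rolling it out. The function names and the /etc/ships/ships.cert path are assumptions.

```shell
#!/bin/sh
# Added example, not SHIPS code. Function names and paths are hypothetical.

# Print curl TLS options that trust only the given PEM certificate
# (for example a copy of the server's self-signed ships.cert).
# Fails instead of falling back to --insecure when the file is missing
# or is not PEM. The path must not contain spaces, because the client
# script expands $CURL_OPTS unquoted.
ships_curl_opts() {
    ca_file="$1"
    if [ ! -r "$ca_file" ]; then
        echo "CA file not readable: $ca_file" >&2
        return 1
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_file"; then
        echo "not a PEM certificate: $ca_file" >&2
        return 1
    fi
    printf '%s\n' "--cacert $ca_file"
}

# Return 0 if the script still disables certificate verification on an
# active line, 1 otherwise. Lines that start with '#' are ignored;
# trailing comments are not stripped, so review any hit by hand.
script_disables_tls_verify() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -q -E -e '(^|[^[:alnum:]-])(--insecure|-k)([^[:alnum:]-]|$)'
}

# In SetAdminPass.sh the weak setting would then be replaced with
# (hypothetical path):
#   CURL_OPTS=$(ships_curl_opts /etc/ships/ships.cert) || exit 1

# Stand-alone use: sh this_file.sh /path/to/SetAdminPass.sh
if [ -n "${1:-}" ]; then
    if script_disables_tls_verify "$1"; then
        echo "FAIL: $1 disables TLS certificate verification"
    else
        echo "OK: $1 keeps TLS certificate verification"
    fi
fi
```

For `--cacert` verification to succeed, the certificate must also be valid for the host name or IP address used in `URL`.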

**LINKS:**

- https://github.com/trustedsec/SHIPS/
- https://www.trustedsec.com/2016/03/ships-version-2-released-major-release/
- https://github.com/trustedsec/SHIPS/blob/master/doc/SHIPS_Installation_v2.pdf
