The UNIX and Linux Forums  
#1  03-11-2008  keelba
Interpreting the encrypted shadow password?

We are currently using a script to copy the same encrypted password between our HP-UX and Solaris servers editing the trusted and shadow files directly. The encrypted password is only 13 characters long on both servers and decrypts the same way. Is there a way to copy this same string to Linux servers?

The encrypted password in the shadow file on one of our Linux servers looks like this:
1$9EmV.jZO$YyfdtPT11aP3hE.jqX7Ve0

I've read the crypt 3 man page but I am not sure how to interpret it. Any idea if it's possible to replace 13 characters in this string to decrypt the same password?

#2  03-11-2008  jim mcnamara (Forum Staff)
You can just go over to a Linux box, set the user's password, and see the result in the shadow file.

I do not know if encryption is identical on those three Unixes.

Your other choice: run some sort of script to update passwords remotely.

#3  03-12-2008  keelba
Thanks Jim for the reply. The problem is that the encrypted password string on HP-UX and Solaris is 13 characters long. On Linux it is 34 characters long. I'm not sure if there are special meanings in these 34 characters or if it is just a 26 character salt or what. It would be nice if I could somehow figure out how to use the 13 character string somewhere in the Linux encryption.

We currently have an expect script to change passwords but it is painfully slow compared to the script I wrote for HP and Sun. I wanted to incorporate Linux into this script but cannot figure out how to do it.

#4  03-12-2008  ramen_noodle (Forum Advisor)
The simple answer is to identify the most secure and compatible hashing algorithm supported by all three platforms, settle on this and alter the systems' configurations to honor this algorithm and use it for future password generation. Then a method to generate the passwords for each user using the same salt on all three platforms could be devised along with a way to generate the users' passwd/shadow entries and then a method to add these to password/shadow files on target systems.

All of this would be simplified to a great degree if central authentication was in use, ala LDAP or NIS, unless I'm misunderstanding. Otherwise it's a poor man's directory service.

#5  03-12-2008  keelba
We use Vintella for central authorization but do not use it for root or application IDs. In an enterprise this big changing any hashing algorithms for passwords is not feasible.

It sounds like I'm SOL. I can create a different script to handle just the Linux servers but was really hoping to be able to do it in one script.

#6  03-12-2008  ramen_noodle (Forum Advisor)
For your root and application passwords you can always use expect or automated ssh to batch process passwd changes driving the native platform's passwd. I've used expect for this in the past.

Code:
# Assumed settings: the post does not show how these were defined.
set loginprog ssh                ;# login program ("automated ssh" in the post)
set pwprompt ".*assword:.*"      ;# regex for a login password prompt (assumed)

# Assumed helper, not shown in the post: read a password without echoing it.
proc getInput {msg} {
    set timeout -1
    stty -echo
    send_user $msg
    expect_user -re "(.*)\n"
    stty echo
    send_user "\n"
    return $expect_out(1,string)
}

# Called from interact once the user has logged in by hand.
proc manualChange {} {
    # name and username are set by the main loop below
    global prompt spawn_id timeout name username
    expect {
        -i $spawn_id -re $prompt {
            send_user "Logged in to host: $name as $username\n"
            send "passwd\r"
            expect -i $spawn_id -re ".*asswor.*" {
                set new [getInput "Password change for $username on $name: "]
                send "$new\r"
                expect -i $spawn_id -re "\[Rr\]e.*asswor.*" {
                    send "$new\r"
                    expect -i $spawn_id -re "$prompt" {
                        send_user "Password changed successfully for $name\n"
                    }
                }
            }
        }
        timeout {send_user "Timed out for spawn_id: $spawn_id\n"}
        eof {send_user "Abnormal termination for spawn_id: $spawn_id\n"}
    }
}

if {[llength $argv] < 2} {puts "Please provide:\n 1. username\n 2. list of hosts"; exit}
set username [lindex $argv 0]
set hostlist [lrange $argv 1 end]
##main()
# Shell prompt patterns that contain the user name
set prompt "$username@.*|.*$username.*>|.*$username.*#"
foreach name $hostlist {
    if {![catch {eval spawn $loginprog $username@$name} err_spawn]} {
        puts "Connecting to $name..."
        expect {
            # Key-based login succeeded: drive passwd directly
            -re $prompt {
                send_user "Logged in to host: $name as $username\n"
                send "passwd\r"
                expect -i $spawn_id -re ".*asswor.*" {
                    set new [getInput "Password change for $username on $name: "]
                    send "$new\r"
                    expect -i $spawn_id -re "\[Rr\]e.*asswor.*" {
                        send "$new\r"
                        expect -i $spawn_id -re "$prompt" {
                            send_user "Password changed successfully for $name\n"
                        }
                    }
                }
            }
            # Host asked for a login password (no key): hand control to the user
            -re $pwprompt {
                send_user "Log in manually and then press ^p to change password\n"
                interact {
                    "\020" {manualChange}
                }
            }
            timeout {send_user "Timed out waiting on $name\n"}
            eof {send_user "Abnormal exit for connect() to host: $name\n"}
        }
    } else {
        puts "ERROR: Connecting to host: $name = $err_spawn"
    }
}
Using ssh-agent and keys this is a quick way to change passwords and also allows you to catch hosts without keys, etc...
HTH.
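
Added example, not part of the thread and not code from any poster: a small Python parser for the shadow password field asked about in posts #1 and #3, showing how the 13-character string and the `$id$salt$hash` string are laid out. It goes beyond the thread by also recognising the `$5$` and `$6$` prefixes. Assumptions: the Linux string in post #1 lost a leading `$` when the page was rendered (which makes it the 34 characters mentioned in post #3), and the 13-character sample is a constructed placeholder, not a real hash.

```python
import re

B64 = r"[./0-9A-Za-z]"   # alphabet crypt(3) uses for salts and hashes
SCHEMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}
# $id$[rounds=N$]salt$hash
MODULAR = re.compile(r"\$([0-9a-z]+)\$(?:rounds=\d+\$)?(" + B64 + r"{0,16})\$(" + B64 + r"+)")
# Traditional crypt: 2-character salt followed by 11 hash characters
DES = re.compile(B64 + r"{13}")


def parse_shadow_hash(field):
    """Split the password field of a shadow entry into scheme, salt and hash."""
    locked = field.startswith("!")          # a locked account has "!" in front of the hash
    body = field.lstrip("!")
    result = {"scheme": "unrecognised", "locked": locked, "salt": "", "hash": ""}
    if body in ("", "*"):                   # no hash stored at all
        result.update(scheme="none", locked=locked or body == "*")
        return result
    m = MODULAR.fullmatch(body)
    if m:
        ident, salt, digest = m.groups()
        result.update(scheme=SCHEMES.get(ident, "unknown $%s$" % ident),
                      salt=salt, hash=digest)
    elif DES.fullmatch(body):
        result.update(scheme="DES-crypt", salt=body[:2], hash=body[2:])
    return result


if __name__ == "__main__":
    samples = {
        # Assumption: leading "$" restored to the string from post #1
        "post #1 string, leading $ assumed": "$1$9EmV.jZO$YyfdtPT11aP3hE.jqX7Ve0",
        # Constructed placeholder with the right shape, not a real hash
        "constructed 13-character string": "abCDEFGHIJKLM",
    }
    for label, value in samples.items():
        info = parse_shadow_hash(value)
        print(label, "| length", len(value), "|", info["scheme"],
              "| salt", info["salt"], "| hash chars", len(info["hash"]))
```

The 13 characters are a complete salt-plus-hash pair for one algorithm, so they cannot be spliced into the salt or digest of a `$1$` string.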