I want to append password in /etc/shadow file
Post 302068929 by modgil on Tuesday 21st of March 2006 09:36:15 PM
Old 03-21-2006
Quote:
Originally Posted by Perderabo
I'll tell you what I do, but it is a little risky. First I add the users to a "prototype" box. This is just some box where I start. I add the users, assign initial passwords, and I ask the user to sign on, change their passwords, and be sure that they like the shell, gcos info etc. I do not want to copy this around and then find that they csh or something. After the users' accounts are all ready on the prototype box, I extract their lines from /etc/passwd and /etc/shadow. I use this to create a simple script that appends the lines to /etc/passwd and /etc/shadow. The script also makes the home directories, etc. I test this script on a test system. Once I am sure that I trust the script, I use an automated procedure to transfer to the boxes in question and run it. Like I said, this is a little risky. But I am careful and I am confident that I can correct any fumbles that occur.
Your view is a challenging and good one, but I can't use any of these system files either because of a project requirement. I should use Solaris commands like sed or cat which can append the hardcoded passwords into the /etc/shadow file.
If you can write one command (sed or any other), it will be a good help for me.
Thanks a lot
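
The append step from the quoted procedure, with the checks worth running before any line reaches /etc/shadow. This is an added example, not code from either poster; `merge_shadow`, `write_atomically`, the sample lines and the 0400 file mode are assumptions.

```python
import os
import tempfile

FIELDS = 9  # shadow(5): name:hash:lastchg:min:max:warn:inactive:expire:flag

def merge_shadow(existing, candidates):
    """Return (merged_text, rejected). rejected holds (index, reason) only,
    so hash material never reaches a log."""
    seen = {l.split(":", 1)[0] for l in existing.splitlines() if l}
    accepted, rejected = [], []
    for i, raw in enumerate(candidates):
        line = raw.rstrip("\n")
        parts = line.split(":")
        if "\n" in line or len(parts) != FIELDS:
            rejected.append((i, "expected one line of 9 fields"))
        elif not parts[0] or parts[0] in seen:
            rejected.append((i, "missing or duplicate user name"))
        elif parts[1] == "":
            # An empty hash field is an account with no password at all.
            rejected.append((i, "empty password field"))
        elif any(f and not f.isdigit() for f in parts[2:8]):
            rejected.append((i, "non-numeric aging field"))
        else:
            seen.add(parts[0])
            accepted.append(line + "\n")
    if existing and not existing.endswith("\n"):
        existing += "\n"
    return existing + "".join(accepted), rejected

def write_atomically(path, text, mode=0o400):
    """Write a temp file beside path, then rename it over path, so no
    reader ever sees a half-written file. mode 0400 is an assumption."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        os.fchmod(fd, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    current = "root:$6$placeholder$hash:19000::::::\n"  # constructed sample
    new = ["alice:$6$placeholder$hash:19000:0:99999:7:::", "bob::19000::::::"]
    print(merge_shadow(current, new))
```

On a live system the caller also holds the password-file lock and restores the file's owner and group after the rename.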
 

RPC.YPPASSWDD(8)                NIS Reference Manual                RPC.YPPASSWDD(8)

NAME
       rpc.yppasswdd - NIS password update daemon

SYNOPSIS
       rpc.yppasswdd [-D directory] -e chsh|chfn [--port number] [-f|--foreground]
       rpc.yppasswdd [-s shadow] [-p passwd] -e chsh|chfn [--port number] [-f|--foreground]
       rpc.yppasswdd -x program | -E program -e chsh|chfn [--port number] [-f|--foreground]

DESCRIPTION
       rpc.yppasswdd is the RPC server that lets users change their passwords in the presence of NIS (a.k.a. YP). It must be run on the NIS master server for that NIS domain.

       When a yppasswd(1) client contacts the server, it sends the old user password along with the new one. rpc.yppasswdd will search the system's passwd file for the specified user name, verify that the given (old) password matches, and update the entry. If the user specified does not exist, or if the password, UID or GID doesn't match the information in the password file, the update request is rejected, and an error returned to the client. If this version of the server is compiled with the CHECKROOT=1 option, the password given is also checked against the system's root password.

       After updating the passwd file and returning a success notification to the client, rpc.yppasswdd executes the pwupdate script that updates the NIS server's passwd.* and shadow.byname maps. This script assumes all NIS maps are kept in directories named /var/yp/nisdomain that each contain a Makefile customized for that NIS domain. If no such Makefile is found, the script uses the generic one in /var/yp.

       It is possible to pass OPTIONS to rpc.yppasswdd using the environment variable YPPASSWDD_ARGS and this variable can be set in /etc/sysconfig/yppasswdd.

OPTIONS
       The following options are available:

       -D directory
              The passwd and shadow files are located under the specified directory path. rpc.yppasswdd will use these files, not /etc/passwd and /etc/shadow. This is useful if you do not want to give all users in the NIS database automatic access to your NIS server.

       -E program
              Instead of rpc.yppasswdd editing the passwd & shadow files, the specified program will be run to do the editing. The following environment variables will be set for the program: YP_PASSWD_OLD, YP_PASSWD_NEW, YP_USER, YP_GECOS, YP_SHELL. The program should return an exit status of 0 if the change completes successfully, 1 if the change completes successfully but pwupdate should not be run, and otherwise if the change fails.

       -p passwdfile
              This option tells rpc.yppasswdd to use a different source file instead of /etc/passwd. This is useful if you do not want to give all users in the NIS database automatic access to your NIS server.

       -s shadowfile
              This option tells rpc.yppasswdd to use a different source file instead of /etc/passwd. See below for a brief discussion of shadow support.

       -e [chsh|chfn]
              By default, rpc.yppasswdd will not allow users to change the shell or GECOS field of their passwd entry. Using the -e option, you can enable either of these. Note that when enabling support for ypchsh(1), you have to list all shells users are allowed to select in /etc/shells.

       -x program
              When the -x option is used, rpc.yppasswdd will not attempt to modify any files itself, but will instead run the specified program, passing to its stdin information about the requested operation(s). There is a defined protocol used to communicate with this external program, which has total freedom in how it propagates the change request. See below for more details on this.

       -m     Will be ignored, for compatibility with Solaris only.

       --port number
              rpc.yppasswdd will try to register itself to this port. This makes it possible to have a router filter packets to the NIS ports.

       -v, --version
              Prints the version number and if this package is compiled with the CHECKROOT option.

       -f, --foreground
              Will not put itself into background.

MISCELLANEOUS
   Shadow Passwords
       Using Shadow passwords alongside NIS does not make too much sense, because the supposedly inaccessible passwords now become readable through a simple invocation of ypcat(1).

       Shadow support in rpc.yppasswdd does not mean that it offers a very clever solution to this problem, it simply means that it can read and write password entries in the system's shadow file. You have to produce a shadow.byname NIS map to distribute password information to your NIS clients.

       rpc.yppasswdd will search at first in the /etc/passwd file for the user and password. If it finds the user, but the password is "x" and a /etc/shadow file exists, it will update the password in the shadow map.

   Use of the -x option
       The program should expect to read a single line from stdin, which is formatted as follows:

              <username> o:<oldpass> p:<password> s:<shell> g:<gcos>

       where any of the three fields [p, s, g] may or may not be present. This program should write "OK " to stdout if the operation succeeded. On any other result, rpc.yppasswdd will report failure to the client.

       Note that the program specified by the -x option is responsible for doing any NIS make and build, and for doing any necessary validation on the shell and gcos field information supplied. The password passed to the client will be in UNIX crypt() format.

   Logging
       rpc.yppasswdd logs all password update requests to syslogd(8)'s auth facility. The logging information includes the originating host's IP address and the user name and UID contained in the request. The user-supplied password itself is not logged.

   Security
       rpc.yppasswdd should be as secure or insecure as any program relying on simple password authentication. If you feel that this is not enough, you may want to protect rpc.yppasswdd from outside access by using the `securenets' feature of the new portmap(8) version 3. Better still, look at rpasswdd(8).

FILES
       /usr/sbin/rpc.yppasswdd
       /usr/lib/yp/pwupdate
       /etc/passwd
       /etc/shadow
       /etc/sysconfig/yppasswdd

SEE ALSO
       passwd(5), shadow(5), passwd(1), rpasswdd(8), yppasswd(1), ypchsh(1), ypchfn(1), ypserv(8), ypcat(1)

AUTHOR
       Olaf Kirch <okir@monad.swb.de> and Thorsten Kukuk <kukuk@linux-nis.org>

NIS Reference Manual                    09/26/2007                    RPC.YPPASSWDD(8)
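
The validation that the manual leaves to a `-x` program, written out for the request line it describes. This is an added example, not part of the NIS package; `parse_request`, `load_shells`, the three patterns and the sample lines are assumptions, as is the layout (fields in the order shown, single spaces between them, no spaces inside the password fields, gcos last).

```python
import re

# Assumed layout of the stdin line: <username> o:<oldpass> p:.. s:.. g:..
LINE_RE = re.compile(
    r"(?P<user>\S+) o:(?P<old>\S*)"
    r"(?: p:(?P<new>\S+))?(?: s:(?P<shell>\S+))?(?: g:(?P<gcos>.*))?"
)
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed local naming policy
HASH_RE = re.compile(r"[./0-9A-Za-z$=,]+")       # assumed crypt() alphabet


def load_shells(text):
    """Parse /etc/shells content: one path per line, '#' starts a comment."""
    lines = (l.split("#", 1)[0].strip() for l in text.splitlines())
    return {l for l in lines if l}


def parse_request(line, allowed_shells):
    """Return the requested changes as a dict, or raise ValueError."""
    m = LINE_RE.fullmatch(line.rstrip("\n"))
    if m is None:
        raise ValueError("malformed request line")
    req = m.groupdict()
    if not USER_RE.fullmatch(req["user"]):
        raise ValueError("bad user name")
    if req["new"] is not None and not HASH_RE.fullmatch(req["new"]):
        raise ValueError("new password is not a crypt() string")
    if req["shell"] is not None and req["shell"] not in allowed_shells:
        raise ValueError("shell not listed in /etc/shells")
    gcos = req["gcos"]
    if gcos is not None and (":" in gcos or not gcos.isprintable()):
        # ':' would open an extra passwd(5) field in the stored record.
        raise ValueError("gcos contains ':' or control characters")
    return {k: v for k, v in req.items() if v is not None}


if __name__ == "__main__":
    shells = load_shells("/bin/sh\n/bin/bash\n")  # constructed /etc/shells
    sample = "alice o:old p:$6$salt$hash s:/bin/bash g:Alice Example"  # constructed
    print(parse_request(sample, shells))
```

A handler built on this writes its success reply only after the update and the NIS map rebuild have both finished; any ValueError maps to the failure path.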