Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Interpreting the encrypted shadow password?
Operating Systems Linux Interpreting the encrypted shadow password? Post 302175029 by ramen_noodle on Wednesday 12th of March 2008 09:13:45 PM
Old 03-12-2008
.For your root and appllication passwords you can always use expect or automated ssh to batch process passwd changes driving the native platforms passwd. I've used expect for this in the past.

Code:
proc manualChange {} {
global prompt spawn_id timeout
                         expect  {
				  -i $spawn_id -re $prompt {
					             send_user "Logged in to host: $name as $username\n"
					             send "passwd\r\n"
					             expect -i $spawn_id -re ".*asswor.*" {
                                                               set new [getInput "Password change for $username on $name: "]


								send "$new\r\n"
								expect -i $spawn_id -re "\[Rr\]e.*asswor.*" {
								          send "$new\r\n"
								          expect -i $spawn_id  -re "$prompt" {										                                                  send_user "Password changed successfully for $name\n"
										                             }
										      }
							     }
					        }
                         timeout {send_user "Timed out for spawn_id: $spawn_id\n"}
			 eof {send_user "Abnormal termination for spawn_id: $spawn_id"}
			 }
}

if {[llength $argv] < 2} {puts "Please provide:\n 1. username\n 2. list of hosts" ;  exit}
set username [lindex $argv 0]
set hostlist [lrange $argv 1 [llength $argv]]
##main()
         set prompt "[lindex $argv 0]@.*|.*[lindex $argv 0].*>|.*[lindex $argv 0].*#"
         foreach name $hostlist {
	                         if {![catch {eval spawn $loginprog $username@$name} err_spawn]} {
				      puts "Connecting to $name..."
				      expect  {
				          
					      -re $prompt {
					                     send_user "Logged in to host: $name as $username\n"
							     send "passwd\r\n"
							     expect -i $spawn_id -re ".*asswor.*" {
                                                                       set new [getInput "Password change for $username on $name: "]
								       send "$new\r\n"
								       expect -i $spawn_id -re "\[Rr\]e.*asswor.*" {
										            send "$new\r\n"
										            expect -i $spawn_id  -re "$prompt" {
										                                               send_user "Password changed successfully for $name\n"
										                             }
										      }
							     }
					        }		     			
					        -re $pwprompt {
						              send_user "Log in manually and then press ^p to change password\n"
						              interact {
							                 "^P" {manualChange}
							      }
					        }		      		   		                                   
						timeout {send_user "Timed out waiting on $name\n"}
						eof {send_user "Abnormal exit for connect() to host: $name\n"}
				       }													                             
				     } else {
				        puts "ERROR: Connecting to host: $name = $err_spawn"
				     }	  
	   }

Using ssh-agent and keys this is a quick way to change passwords and also allows you to catch hosts without keys, etc...
HTH.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

netrc file encrypted password

Hi, I do not want the plaintext password to appear in the netrc file. So I want to encrypt the password. Is there a way to encrypt the password and still make ftp to use the netrc ? Thanks in advance. -Gow:confused: (2 Replies)
Discussion started by: ggowrish
2 Replies

2. UNIX for Dummies Questions & Answers

Change password by pushing encrypted password to systems

I'm tasked to change a user's password on multiple Linux systems (RH v3). I though copying the encrypted password from one Linux /etc/shadow file to another would work but I was wrong. The long term solution is to establish an openLDAP Directory service, but for now I'm stuck with a manual... (1 Reply)
Discussion started by: benq70
1 Replies

3. UNIX for Dummies Questions & Answers

How to : Identify the the password is encrypted or not in /etc/shadow or /etc/passwd?

Thanks AVKlinux (11 Replies)
Discussion started by: avklinux
11 Replies

4. UNIX and Linux Applications

Accessing Oracle via encrypted password

Actually in my application there is an XML file. The password and the user name for the database that I need to access the development box is stored there. But using some UNIX command I am able to access the raw content of the file and not the decrypted code for that password. When I am applying... (3 Replies)
Discussion started by: nandumishra
3 Replies

5. Shell Programming and Scripting

To decrypt encrypted password

Hi folks, What will be the easy way to decrypt encrypted passwords on MySQL table. Googling brought me many suggestions on crypt/decrypt running scripts. Please advise. TIA Remark: I think the encrypt function of MySQL uses the Unix crypt command to encrypt B.R. satimis (1 Reply)
Discussion started by: satimis
1 Replies

6. UNIX for Advanced & Expert Users

/etc/shadow encrypted password

Hi I wonder whether is possible to generate enrypted passwd for some user and paste it into /etc/shadow file ? What kind of encryption is used in /etc/shadow file ? ths for help. (1 Reply)
Discussion started by: presul
1 Replies

7. Shell Programming and Scripting

Replace encrypted password in /etc/shadow using sed

Hello friends, We have encrypted password strings for all of our users (each user has different password). After creating users in Linux, we replace encrypted passwords manually on /etc/shadow so that their passwords directly work. Instead we want to do it using scripting. I tried with sed... (2 Replies)
Discussion started by: prvnrk
2 Replies

8. UNIX for Dummies Questions & Answers

Using the encrypted password of the shadow file

i have an application that uses the encrypted password that's in the /etc/shadow file. i copied the line for the particular username i was interested it in from shadow file and i pasted it into the password file of the application. the application is nagios. this application allowed that... (5 Replies)
Discussion started by: SkySmart
5 Replies

9. Shell Programming and Scripting

Encrypted password in script

How to keep encrypted password in a shell script.? I have the file which has the following: a.sh ----- username=abc password=abc I will be using this username and password in another script. But I don't want to reveal the password in the script. How to keep the password... (3 Replies)
Discussion started by: sanvel
3 Replies

10. Cybersecurity

Is TLS encrypted password safe?

Hello, on my android device my app autosaves my password and it encrypts by TLS im not politically exposed person, just regular entrepreneur. Should i worry if i loose my phone with TLS encrypted password? Or regular mortals or casual hackers are not able to crack it? (4 Replies)
Discussion started by: postcd
4 Replies

LEARN ABOUT REDHAT

shadow

SHADOW(5)							File Formats Manual							 SHADOW(5)

NAME

       shadow - encrypted password file

DESCRIPTION

       shadow contains the encrypted password information for user's accounts and optional the password aging information.  Included is

	    Login name

	    Encrypted password

	    Days since Jan 1, 1970 that password was last changed

	    Days before password may be changed

	    Days after which password must be changed

	    Days before password is to expire that user is warned

	    Days after password expires that account is disabled

	    Days since Jan 1, 1970 that account is disabled

	    A reserved field

       The  password  field must be filled.  The encryped password consists of 13 to 24 characters from the 64 character alphabet a thru z, A thru
       Z, 0 thru 9, . and /.  Refer to crypt(3) for details on how this string is interpreted.

       The date of the last password change is given as the number of days since Jan 1, 1970.  The password may not be	changed  again	until  the
       proper number of days have passed, and must be changed after the maximum number of days.  If the minimum number of days required is greater
       than the maximum number of day allowed, this password may not be changed by the user.

       An account is considered to be inactive and is disabled if the password is not changed within the specified number of days after the  pass-
       word expires.  An account will also be disabled on the specified day regardless of other password expiration information.

       This information supercedes any password or password age information present in /etc/passwd.

       This file must not be readable by regular users if password security is to be maintained.

FILES

       /etc/passwd - user account information
       /etc/shadow - encrypted user passwords

SEE ALSO

       chage(1), login(1), passwd(1), su(1), passwd(5), pwconv(8), pwunconv(8), sulogin(8)

AUTHOR

       Julianne Frances Haugh (jockgrrl@ix.netcom.com)

																	 SHADOW(5)
All times are GMT -4. The time now is 02:32 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy