08-01-2012
Quote:
Originally Posted by
chetan.c
Thanks Ashish/Corona688.
@cero:
Actually i want the best practice to secure the Password.
"Best practices" for retrievably-stored passwords is to not do that, at all, ever
Most sane login systems refuse to use stored passwords, and some even provide safer alternative methods(like ssh keys).
If it's unavoidable, keep it in a file that's
only readable by the application you need, then pass the password into the relevant application with pipes so they can't be snooped on ps.
Last edited by Corona688; 08-01-2012 at 12:31 PM..
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Could someone please help me...I have an expect script. There's a need for a log in during the script and a password is required...right now the password is just a variable in the expect script...what would be the best way to put that in an encrypted flat file and have the expect script pull the... (2 Replies)
Discussion started by: cubs0729
2 Replies
2. Shell Programming and Scripting
Hello,
I have a paramter file, In which I store all the user-ids and passwords for the project. So if a user just invokes the paramter file he has access to all the variables, which i have exported in the parmatere file.
Now if a user echo's the variable which stores the databse password.... (1 Reply)
Discussion started by: DSDexter
1 Replies
3. Shell Programming and Scripting
Hi,
I have written a shell script in unix for my customer. Now I want to make it only execute and not to read/write. Can anybody help me how to set password protect/encript my script.
Thanks
Suresh (3 Replies)
Discussion started by: suresh3566
3 Replies
4. UNIX for Advanced & Expert Users
Hello folks
I have a conf file ,say 'pass.conf' ,which is storing ascii password : PASS1111.
I need to encrypt this password once and store it in a file.
I ,then need to write a script which would read this encrypted password and decrypts it.The o/p o this script shud be this decrypted... (8 Replies)
Discussion started by: ak835
8 Replies
5. Shell Programming and Scripting
Hi
I have following problem Im writing a script (in bash ) , where need to be written login & passwd for databas client .
Its need to in following form login passwd@dbhostname .
The problem is so anybody can read it so the passwd & login are visible and thats not very safety .
Can... (8 Replies)
Discussion started by: kvok
8 Replies
6. Shell Programming and Scripting
Hi,
I have run the below script which is connected to db2 v9.5. There is no issue. The only problem is how to encrypt the dbpwd?
#!/bin/ksh
#---- Set Environment
dbalias="dev1db"
dbuser="user1"
dbpwd="password"
#---- Connect to the Database
cd /opt/ibm/db2/V9.5/bin
db2 "connect to... (1 Reply)
Discussion started by: lookinginfo
1 Replies
7. Shell Programming and Scripting
Hi,
I came across the following script for encrypting the password in this forum
#! /usr/bin/ksh
exec 4>/dev/tty
function getpass
{
typeset prompt=$1
typeset backspace=$(echo \\b\\c)
typeset enter=$(echo \\r\\c)
typeset savesetting=$(stty -g)
... (9 Replies)
Discussion started by: dbashyam
9 Replies
8. Shell Programming and Scripting
Hi All,
I have stored Oracle database passwords in a hidden file - .pass_file.
My shell script reads the hidden file, gets the password and then logs in to the Oracle database and runs some SQL script.
My requirement is:
I need to provide the shell script to be executed by someone else. So,... (1 Reply)
Discussion started by: sunpraveen
1 Replies
9. Shell Programming and Scripting
Hi All,
very good morning all.
I am trying to connect to informatica repository by using shell script.
I have written pmrep connect command in the script file. But i need to provide repository, domain ,username and password to connect. Username and password are hard coded in the script... (8 Replies)
Discussion started by: SekhaReddy
8 Replies
10. Shell Programming and Scripting
Hello,
I have the following UNIX shell script which connects to the teradata database and executes the SQL Queries. For this, I am passing database name, username and password. I don't want to reveal my password to anyone. So, is there any way that I can encrypt my password and read the... (2 Replies)
Discussion started by: ronitreddy
2 Replies
LEARN ABOUT DEBIAN
rlm_pap
rlm_pap(5) FreeRADIUS Module rlm_pap(5)
NAME
rlm_pap - FreeRADIUS Module
DESCRIPTION
The rlm_pap module authenticates RADIUS Access-Request packets that contain a User-Password attribute. The module should also be listed
last in the authorize section, so that it can set the Auth-Type attribute as appropriate.
When a RADIUS packet contains a clear-text password in the form of a User-Password attribute, the rlm_pap module may be used for authenti-
cation. The module requires a "known good" password, which it uses to validate the password given in the RADIUS packet. That "known good"
password must be supplied by another module (e.g. rlm_files, rlm_ldap, etc.), and is usually taken from a database.
CONFIGURATION
The only relevant configuration item is:
auto_header
If set to "yes", the module will look inside of the User-Password attribute for the headers {crypt}, {clear}, etc., and will auto-
matically create the appropriate attribute, with the correct value.
This module understands many kinds of password hashing methods, as given by the following table.
Header Attribute Description
------ --------- -----------
{clear} Cleartext-Password clear-text passwords
{cleartext} Cleartext-Password clear-text passwords
{crypt} Crypt-Password Unix-style "crypt"ed passwords
{md5} MD5-Password MD5 hashed passwords
{smd5} SMD5-Password MD5 hashed passwords, with a salt
{sha} SHA-Password SHA1 hashed passwords
{ssha} SSHA-Password SHA1 hashed passwords, with a salt
{nt} NT-Password Windows NT hashed passwords
{x-nthash} NT-Password Windows NT hashed passwords
{lm} LM-Password Windows Lan Manager (LM) passwords.
The module tries to be flexible when handling the various password formats. It will automatically handle Base-64 encoded data, hex
strings, and binary data, and convert them to a format that the server can use.
It is important to understand the difference between the User-Password and Cleartext-Password attributes. The Cleartext-Password attribute
is the "known good" password for the user. Simply supplying the Cleartext-Password to the server will result in most authentication meth-
ods working. The User-Password attribute is the password as typed in by the user on their private machine. The two are not the same, and
should be treated very differently. That is, you should generally not use the User-Password attribute anywhere in the RADIUS configura-
tion.
For backwards compatibility, there are old configuration parameters which may be work, although we do not recommend using them.
SECTIONS
authorize authenticate
FILES
/etc/raddb/radiusd.conf
SEE ALSO
radiusd(8), radiusd.conf(5)
AUTHOR
Alan DeKok <aland@freeradius.org>
6 June 2008 rlm_pap(5)