Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Using the encrypted password of the shadow file
Top Forums UNIX for Dummies Questions & Answers Using the encrypted password of the shadow file Post 302817993 by Corona688 on Thursday 6th of June 2013 06:36:41 PM
Old 06-06-2013
Quote:
Originally Posted by SkySmart
my question is, how can i authenticate users using the shadow password file? i'd like to do this in my own scripts.
The shadow file does not work that way. The passwords are obscured further than md5 (salted) to make them even more difficult to decipher.

I'm not sure they even use md5 for passwords anymore -- it turned out to have a major flaw.

Quote:
how can i make it so if a user is running a script, i want to make sure its the right user. not someone posing as the user.
If they can login as the correct user, they're probably the correct user, so use file access permissions to prevent anyone but that user from executing it.

This will also be a whole lot easier than trying to parse shadow files from three very different operating systems.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

netrc file encrypted password

Hi, I do not want the plaintext password to appear in the netrc file. So I want to encrypt the password. Is there a way to encrypt the password and still make ftp to use the netrc ? Thanks in advance. -Gow:confused: (2 Replies)
Discussion started by: ggowrish
2 Replies

2. Shell Programming and Scripting

I want to append password in /etc/shadow file

Hi, I want to append password into /etc/shadow file using a shell script. My below script does add the users to both /etc/passwd and /etc/shadow but how can I add the hordcoded passwords to /etc/shadow file can some one help me ? # To add the groups into /etc/group file for a_user... (5 Replies)
Discussion started by: modgil
5 Replies

3. UNIX for Dummies Questions & Answers

shadow file after a password reset

hi, I had to reset a lost root password by editing the /etc/passwd and /etc/shadow files ( this is a xen vm file, so i mounted and chrooted the file ) after the reboot with an empty password on root , i have set a new password with passwd but it only changed the /etc/passwd file.... (0 Replies)
Discussion started by: progressdll
0 Replies

4. Linux

Interpreting the encrypted shadow password?

We are currently using a script to copy the same encrypted password between our HP-UX and Solaris servers editing the trusted and shadow files directly. The encrypted password is only 13 characters long on both servers and decrypts the same way. Is there a way to copy this same string to Linux... (5 Replies)
Discussion started by: keelba
5 Replies

5. UNIX for Dummies Questions & Answers

How to : Identify the the password is encrypted or not in /etc/shadow or /etc/passwd?

Thanks AVKlinux (11 Replies)
Discussion started by: avklinux
11 Replies

6. Solaris

Password Recovery From /etc/shadow file

Is it possible to reset a normal user password , by editing password field in /etc/shadow file? Thanks (6 Replies)
Discussion started by: ksvaisakh
6 Replies

7. UNIX for Advanced & Expert Users

/etc/shadow encrypted password

Hi I wonder whether is possible to generate enrypted passwd for some user and paste it into /etc/shadow file ? What kind of encryption is used in /etc/shadow file ? ths for help. (1 Reply)
Discussion started by: presul
1 Replies

8. Red Hat

Shadow file password policy

Today i was going through some of security guides written on linux . Under shadow file security following points were mentioned. 1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters. 2)Usernames in shadow file must satisfy to all the same rules as... (14 Replies)
Discussion started by: pinga123
14 Replies

9. Shell Programming and Scripting

how to remove the non : characters after the password in shadow file?

On SPARC Solaris 10. I set the app account so it's expired. I also want it so not required to change password at first login, I can do this by removing the numbers after the password in /etc/shadow. example using user1 The /etc/shadow file looks like this: user1:kOmcVXAImRTAY:0::::90:: ... (8 Replies)
Discussion started by: TKD
8 Replies

10. Shell Programming and Scripting

Replace encrypted password in /etc/shadow using sed

Hello friends, We have encrypted password strings for all of our users (each user has different password). After creating users in Linux, we replace encrypted passwords manually on /etc/shadow so that their passwords directly work. Instead we want to do it using scripting. I tried with sed... (2 Replies)
Discussion started by: prvnrk
2 Replies

LEARN ABOUT LINUX

d_passwd

d_passwd(4)							   File Formats 						       d_passwd(4)

NAME

       d_passwd - dial-up password file

SYNOPSIS

       /etc/d_passwd

DESCRIPTION

       A  dial-up  password is an additional password required of users who access the computer through a modem or dial-up port. The correct pass-
       word must be entered before the user is granted access to the computer.

       d_passwd is an ASCII file which contains a list of executable programs (typically shells) that require a dial-up password and  the  associ-
       ated encrypted passwords. When a user attempts to log in on any of the ports listed in the dialups file (see dialups(4)), the login program
       looks at the user's login entry stored in the passwd file (see passwd(4)), and compares the login shell field to the entries  in  d_passwd.
       These entries determine whether the user will be required to supply a dial-up password.

       Each entry in d_passwd is a single line of the form:

       login-shell:password:

       where

       login-shell     The name of the login program that will require an additional dial-up password.

       password        An  encrypted  password. Users accessing the computer through a dial-up port or modem using login-shell will be required to
		       enter this password before gaining access to the computer.

       d_passwd should be owned by the root user and the root group. The file should have read and write permissions for the owner (root) only.

       If the user's login program in the passwd file is not found in d_passwd or if the login shell field in passwd is empty, the user must  sup-
       ply  the  default  password.  The default password is the entry for /usr/bin/sh. If d_passwd has no entry for /usr/bin/sh, then those users
       whose login shell field in passwd is empty or does not match any entry in d_passwd will not be prompted for a dial-up password.

       Dial-up logins are disabled if d_passwd has only the following entry:

       /usr/bin/sh:*:

EXAMPLES

       Example 1: Sample d_passwd file.

       Here is a sample d_passwd file:

       /usr/lib/uucp/uucico:q.mJzTnu8icF0:
       /usr/bin/csh:6k/7KCFRPNVXg:
       /usr/bin/ksh:9df/FDf.4jkRt:
       /usr/bin/sh:41FuGVzGcDJlw:

   Generating An Encrypted Password
       The passwd (see passwd(1)) utility can be used to generate the encrypted password for each login program. passwd generates encrypted  pass-
       words  for  users  and places the password in the shadow (see shadow(4)) file. Passwords for the d_passwd file will need to be generated by
       first adding a temporary user id using useradd (see useradd(1M)), and then using passwd(1) to generate the desired password in  the  shadow
       file. Once the encrypted version of the password has been created, it can be copied to the d_passwd file.

       For example:

       1.
	   Type useradd tempuser and press Return. This creates a user named tempuser.

       2.  Type passwd tempuser and press Return. This creates an encrypted password for tempuser and places it in the shadow file.

       3.  Find the entry for tempuser in the shadow file and copy the encrypted password to the desired entry in the d_passwd file.

       4.  Type userdel tempuser and press Return to delete tempuser.

       These steps must be executed as the root user.

FILES

       /etc/d_passwd	       dial-up password file

       /etc/dialups	       list of dial-up ports requiring dial-up passwords

       /etc/passwd	       password file

       /etc/shadow	       shadow password file

SEE ALSO

       passwd(1), useradd(1M), dialups(4), passwd(4), shadow(4)

WARNINGS

       When  creating  a  new  dial-up password, be sure to remain logged in on at least one terminal while testing the new password. This ensures
       that there is an available terminal from which you can correct any mistakes that were made when the new password was added.

SunOS 5.10							    2 Sep 2004							       d_passwd(4)
All times are GMT -4. The time now is 10:46 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy