Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to store the passwords securely and use in scripts?
Top Forums Shell Programming and Scripting How to store the passwords securely and use in scripts? Post 303034027 by Neo on Tuesday 16th of April 2019 11:13:54 PM
Old 04-17-2019
Ravinder,

Many systems on the network require passwords to be stored in a flat file.

It's not always avoidable, so you can't say "NEVER NEVER DO THIS"... spoken much like someone who has not built a production application which uses clear text passwords.

Theory is not always the same in practice.

Normally, these kind of DB passwords are stored in plaintext in files which are hidden from users, so we must look at who has access to the system, the risk, the criticality of the application and other risk management factors.

Quote:
Originally Posted by karumudi7
Yes, I understand and I use SSH keys for password-less connections.
But it is more like when you are interacting with other services like database etc.
This is correct. Many CMS programs like WordPress store the DB passwords in clear text in a flat configuration file.
These 2 Users Gave Thanks to Neo For This Post:
RavinderSingh13 rbatte1
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to pass passwords to bash scripts?

I'm finding the following command very tedious to type in all the time, so I created a one line bash script called mount.bash with the following contents: mount -t cifs //mark/C\$ -o unc=//mark\\C$,ip=10.1.1.33,user=Administrator,password=$1 /mnt/mark I don't like the fact that I have to put... (5 Replies)
Discussion started by: siegfried
5 Replies

2. Shell Programming and Scripting

Checking passwords - scripts

Hi Unix experts.... I am in the process checking user and root password of more than 1000 servers manulay. I am very pissed of checking these many servers manualy. Could some one of you help me how can i check the passwords just by runing some scripts..! Need Help Guys..! :confused: (5 Replies)
Discussion started by: bullz26
5 Replies

3. Solaris

installing solaris securely

Ok, I am trying to install solaris, but I would like as a lean installation as possible (while still having a shread of functionality). If I chose the minimal install I have little if no utilities to do work on the box. My question is what installation method do most admins take? ... (7 Replies)
Discussion started by: liven
7 Replies

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

5. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

6. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

8. UNIX for Advanced & Expert Users

Store passwords , accounts, IPs, hostnames

Hi, this question is not specially unix related, but I expect advanced and expert unix users to have a solution for this, and I've found no other subforum that fits ;) what do you use to store accounts, customer ids, ip addresses, users and specially passwords, to access them from... (6 Replies)
Discussion started by: funksen
6 Replies

LEARN ABOUT LINUX

pam_userdb

PAM_USERDB(8)							 Linux-PAM Manual						     PAM_USERDB(8)

NAME

       pam_userdb - PAM module to authenticate against a db database

SYNOPSIS

       pam_userdb.so db=/path/database [debug] [crypt=[crypt|none]] [icase] [dump] [try_first_pass] [use_first_pass] [unknown_ok] [key_only]

DESCRIPTION

       The pam_userdb module is used to verify a username/password pair against values stored in a Berkeley DB database. The database is indexed
       by the username, and the data fields corresponding to the username keys are the passwords.

OPTIONS

       crypt=[crypt|none]
	   Indicates whether encrypted or plaintext passwords are stored in the database. If it is crypt, passwords should be stored in the
	   database in crypt(3) form. If none is selected, passwords should be stored in the database as plaintext.

       db=/path/database
	   Use the /path/database database for performing lookup. There is no default; the module will return PAM_IGNORE if no database is
	   provided.

       debug
	   Print debug information.

       dump
	   Dump all the entries in the database to the log. Don't do this by default!

       icase
	   Make the password verification to be case insensitive (ie when working with registration numbers and such). Only works with plaintext
	   password storage.

       try_first_pass
	   Use the authentication token previously obtained by another module that did the conversation with the application. If this token can
	   not be obtained then the module will try to converse. This option can be used for stacking different modules that need to deal with the
	   authentication tokens.

       use_first_pass
	   Use the authentication token previously obtained by another module that did the conversation with the application. If this token can
	   not be obtained then the module will fail. This option can be used for stacking different modules that need to deal with the
	   authentication tokens.

       unknown_ok
	   Do not return error when checking for a user that is not in the database. This can be used to stack more than one pam_userdb module
	   that will check a username/password pair in more than a database.

       key_only
	   The username and password are concatenated together in the database hash as 'username-password' with a random value. if the
	   concatenation of the username and password with a dash in the middle returns any result, the user is valid. this is useful in cases
	   where the username may not be unique but the username and password pair are.

MODULE TYPES PROVIDED

       The auth and account module types are provided.

RETURN VALUES

       PAM_AUTH_ERR
	   Authentication failure.

       PAM_AUTHTOK_RECOVERY_ERR
	   Authentication information cannot be recovered.

       PAM_BUF_ERR
	   Memory buffer error.

       PAM_CONV_ERR
	   Conversation failure.

       PAM_SERVICE_ERR
	   Error in service module.

       PAM_SUCCESS
	   Success.

       PAM_USER_UNKNOWN
	   User not known to the underlying authentication module.

EXAMPLES

	   auth  sufficient pam_userdb.so icase db=/etc/dbtest.db

SEE ALSO

       crypt(3), pam.conf(5), pam.d(5), pam(7)

AUTHOR

       pam_userdb was written by Cristian Gafton >gafton@redhat.com<.

Linux-PAM Manual						    06/04/2011							     PAM_USERDB(8)
All times are GMT -4. The time now is 11:20 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy