Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to store the passwords securely and use in scripts?
Top Forums Shell Programming and Scripting How to store the passwords securely and use in scripts? Post 303034027 by Neo on Tuesday 16th of April 2019 11:13:54 PM
Old 04-17-2019
Ravinder,

Many systems on the network require passwords to be stored in a flat file.

It's not always avoidable, so you can't say "NEVER NEVER DO THIS"... spoken much like someone who has not built a production application which uses clear text passwords.

Theory is not always the same in practice.

Normally, these kind of DB passwords are stored in plaintext in files which are hidden from users, so we must look at who has access to the system, the risk, the criticality of the application and other risk management factors.

Quote:
Originally Posted by karumudi7
Yes, I understand and I use SSH keys for password-less connections.
But it is more like when you are interacting with other services like database etc.
This is correct. Many CMS programs like WordPress store the DB passwords in clear text in a flat configuration file.
These 2 Users Gave Thanks to Neo For This Post:
RavinderSingh13 rbatte1
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to pass passwords to bash scripts?

I'm finding the following command very tedious to type in all the time, so I created a one line bash script called mount.bash with the following contents: mount -t cifs //mark/C\$ -o unc=//mark\\C$,ip=10.1.1.33,user=Administrator,password=$1 /mnt/mark I don't like the fact that I have to put... (5 Replies)
Discussion started by: siegfried
5 Replies

2. Shell Programming and Scripting

Checking passwords - scripts

Hi Unix experts.... I am in the process checking user and root password of more than 1000 servers manulay. I am very pissed of checking these many servers manualy. Could some one of you help me how can i check the passwords just by runing some scripts..! Need Help Guys..! :confused: (5 Replies)
Discussion started by: bullz26
5 Replies

3. Solaris

installing solaris securely

Ok, I am trying to install solaris, but I would like as a lean installation as possible (while still having a shread of functionality). If I chose the minimal install I have little if no utilities to do work on the box. My question is what installation method do most admins take? ... (7 Replies)
Discussion started by: liven
7 Replies

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

5. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

6. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

8. UNIX for Advanced & Expert Users

Store passwords , accounts, IPs, hostnames

Hi, this question is not specially unix related, but I expect advanced and expert unix users to have a solution for this, and I've found no other subforum that fits ;) what do you use to store accounts, customer ids, ip addresses, users and specially passwords, to access them from... (6 Replies)
Discussion started by: funksen
6 Replies

LEARN ABOUT REDHAT

ckpasswd

CKPASSWD(1)						    InterNetNews Documentation						       CKPASSWD(1)

NAME

       ckpasswd - nnrpd password authenticator

SYNOPSIS

       ckpasswd [-s] [-d database] [-f filename]

DESCRIPTION

       ckpasswd is the basic password authenticator for nnrpd, suitable for being run from an auth stanza in readers.conf(5).  See readers.conf(5)
       for more information on how to configure an nnrpd authenticator.

       ckpasswd accepts a username and password from nnrpd and tells nnrpd(8) whether that's the correct password for that username.  By default,
       when given no arguments, it checks the password against the password field returned by getpwnam(3).  Note that these days most systems no
       longer make real passwords available via getpwnam(3) (some still do if and only if the program calling getpwnam(3) is running as root).

       Note that ckpasswd expects all passwords to be stored encrypted by the system crypt(3) function and calls crypt(3) on the supplied password
       before comparing it to the expected password.

OPTIONS

       -d database
	   Read passwords from a database (ndbm or dbm format depending on what your system has) rather than by using getpwnam(3).  ckpasswd
	   expects database.dir and database.pag to exist and to be a database keyed by username with the encrypted passwords as the values.

	   While INN doesn't come with a program intended specifically to create such databases, on most systems it's fairly easy to write a Perl
	   script to do so.  Something like:

	       #!/usr/bin/perl
	       use NDBM_File;
	       use Fcntl;
	       tie (%db, 'NDBM_File', '/path/to/database', O_RDWR | O_CREAT, 0640)
		   or die "Cannot open /path/to/database: $!
";
	       $| = 1;
	       print "Username: ";
	       my $user = <STDIN>;
	       chomp $user;
	       print "Password: ";
	       my $passwd = <STDIN>;
	       chomp $passwd;
	       my @alphabet = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
	       my $salt = join '', @alphabet[rand 64, rand 64];
	       $db{$user} = crypt ($passwd, $salt);
	       untie %db;

	   Note that this will echo back the password when typed; there are obvious improvements that could be made to this, but it should be a
	   reasonable start.

	   This option will not be available on systems without dbm or ndbm libraries.

       -f filename
	   Read passwords from the given file rather than using getpwnam(3).  The file is expected to be formatted like a system password file, at
	   leat vaguely.  That means each line should look something like:

	       username:pdIh9NCNslkq6

	   (and each line may have an additional colon after the encrypted password and additional data; that data will be ignored by ckpasswd).
	   INN does not come with a utility to create the encrypted passwords, but it's a quick job with Perl (see the example script under -d).

       -s  Check passwords against the result of getspnam(3) instead of getpwnam(3).  This function, on those systems that supports it, reads from
	   /etc/shadow or similar more restricted files.  If you want to check passwords supplied to nnrpd(8) against system account passwords,
	   you will probably have to use this option on most systems.

	   Most systems require special privileges to call getspnam(3), so in order to use this option you may need to make ckpasswd setgid to
	   some group (like group "shadow") or even setuid root.  ckpasswd has not been specifically audited for such uses!  It is, however, a
	   very small program that you should be able to check by hand for security.

	   This configuration is not recommended if it can be avoided, since the NNTP protocol has no way of protecting passwords from casual
	   interception, and using system passwords to authenticate NNTP connections therefore opens you up to the risk of password sniffing.  If
	   you do use system passwords to authenticate connections, you should seriously consider only doing NNTP through ssh tunnels or over SSL.

EXAMPLES

       See readers.conf(5) for examples of nnrpd(8) authentication configuration that uses ckpasswd to check passwords.

HISTORY

       Written by Russ Allbery <rra@stanford.edu> for InterNetNews.

       $Id: ckpasswd.1,v 1.1.2.1 2000/11/06 08:41:11 rra Exp $

SEE ALSO

       readers.conf(5), nnrpd(8)

3rd Berkeley Distribution					      INN 2.3							       CKPASSWD(1)
All times are GMT -4. The time now is 01:02 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy