Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to store the passwords securely and use in scripts?
Top Forums Shell Programming and Scripting How to store the passwords securely and use in scripts? Post 303034153 by karumudi7 on Friday 19th of April 2019 01:24:48 PM
Old 04-19-2019
Sorry for the late message....


Thanks for all the valuable inputs.


Here is the scenario:
I have a group of developers that write scripts on AIX 7.
I don't want everyone to hard code the database (IBM DB2) passwords in their shell script.
If I put the global configuration file and controlled with file system permissions, one can use
Code:
echo

statement to split that into a log.


I think the other way to achieve is, if I provide a database connect method in global file, then one can call the method when the script needs to connect to database. Still there will be security gaps, but may be a workaround.
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to pass passwords to bash scripts?

I'm finding the following command very tedious to type in all the time, so I created a one line bash script called mount.bash with the following contents: mount -t cifs //mark/C\$ -o unc=//mark\\C$,ip=10.1.1.33,user=Administrator,password=$1 /mnt/mark I don't like the fact that I have to put... (5 Replies)
Discussion started by: siegfried
5 Replies

2. Shell Programming and Scripting

Checking passwords - scripts

Hi Unix experts.... I am in the process checking user and root password of more than 1000 servers manulay. I am very pissed of checking these many servers manualy. Could some one of you help me how can i check the passwords just by runing some scripts..! Need Help Guys..! :confused: (5 Replies)
Discussion started by: bullz26
5 Replies

3. Solaris

installing solaris securely

Ok, I am trying to install solaris, but I would like as a lean installation as possible (while still having a shread of functionality). If I chose the minimal install I have little if no utilities to do work on the box. My question is what installation method do most admins take? ... (7 Replies)
Discussion started by: liven
7 Replies

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

5. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

6. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

8. UNIX for Advanced & Expert Users

Store passwords , accounts, IPs, hostnames

Hi, this question is not specially unix related, but I expect advanced and expert unix users to have a solution for this, and I've found no other subforum that fits ;) what do you use to store accounts, customer ids, ip addresses, users and specially passwords, to access them from... (6 Replies)
Discussion started by: funksen
6 Replies

LEARN ABOUT DEBIAN

pwgen

PWGEN(1)						      General Commands Manual							  PWGEN(1)

NAME

       pwgen - generate pronounceable passwords

SYNOPSIS

       pwgen [ OPTION ] [ pw_length ] [ num_pw ]

DESCRIPTION

       The  pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible.  Human-memo-
       rable passwords are never going to be as secure as completely completely random passwords.  In particular,  passwords  generated  by  pwgen
       without	the -s option should not be used in places where the password could be attacked via an off-line brute-force attack.   On the other
       hand, completely randomly generated  passwords have a tendency to be written down, and are subject to being compromised in that fashion.

       The pwgen program is designed to be used both interactively, and in shell scripts.   Hence,  its  default  behavior  differs  depending	on
       whether the standard output is a tty device or a pipe to another program.  Used interactively, pwgen will display a screenful of passwords,
       allowing the user to pick a single password, and then quickly erase the screen.	This prevents someone from being able to  "shoulder  surf"
       the user's chosen password.

       When  standard  output  (stdout)  is  not  a tty, pwgen will only generate one password, as this tends to be much more convenient for shell
       scripts, and in order to be compatible with previous versions of this program.

       In addition, for backwards compatibility reasons, when stdout is not a tty and secure password generation  mode	has  not  been	requested,
       pwgen  will  generate  less secure passwords, as if the -0A options had been passed to it on the command line.  This can be overriden using
       the -nc options.  In the future, the behavior when stdout is a tty may change, so shell scripts using pwgen should explicitly  specify  the
       -nc or -0A options.  The latter is not recommended for security reasons, since such passwords are far too easy to guess.

OPTIONS

       -0, --no-numerals
	      Don't include numbers in the generated passwords.

       -1     Print the generated passwords one per line.

       -A, --no-capitalize
	      Don't bother to include any capital letters in the generated passwords.

       -a, --alt-phonics
	      This option doesn't do anything special; it is present only for backwards compatibility.

       -B, --ambiguous
	      Don't  use  characters that could be confused by the user when printed, such as 'l' and '1', or '0' or 'O'.  This reduces the number
	      of possible passwords significantly, and as such reduces the quality of the passwords.  It may be useful	for  users  who  have  bad
	      vision, but in general use of this option is not recommended.

       -c, --capitalize
	      Include at least one capital letter in the password.  This is the default if the standard output is a tty device.

       -C     Print the generated passwords in columns.  This is the default if the standard output is a tty device.

       -N, --num-passwords=num
	      Generate num passwords.  This defaults to a screenful if passwords are printed by columns, and one password.

       -n, --numerals
	      Include at least one number in the password.  This is the default if the standard output is a tty device.

       -H, --sha1=/path/to/file[#seed]
	      Will  use  the  sha1's  hash  of given file and the optional seed to create password. It will allow you to compute the same password
	      later, if you remember the file, seed, and pwgen's options used.	ie: pwgen -H ~/your_favorite.mp3#your@email.com gives  a  list	of
	      possibles passwords for your pop3 account, and you can ask this list again and again.

	      WARNING:	The  passwords	generated  using  this option are not very random.  If you use this option, make sure the attacker can not
	      obtain a copy of the file.  Also, note that the name of the file may be easily available	from  the  ~/.history  or  ~/.bash_history
	      file.

       -h, --help
	      Print a help message.

       -s, --secure
	      Generate	completely  random,  hard-to-memorize  passwords.   These  should only be used for machine passwords, since otherwise it's
	      almost guaranteed that users will simply write the password on a piece of paper taped to the monitor...

       -v, --no-vowels
	      Generate random passwords that do not contain vowels or numbers that might be mistaken for vowels.  It provides  less  secure  pass-
	      words to allow system administrators to not have to worry with random passwords accidentally contain offensive substrings.

       -y, --symbols
	      Include at least one special character in the password.

AUTHOR

       This  version  of pwgen was written by Theodore Ts'o <tytso@alum.mit.edu>.  It is modelled after a program originally written by Brandon S.
       Allbery, and then later extensively modified by Olaf Titz,  Jim Lynch, and others.  It was rewritten from scratch by Theodore Ts'o  because
       the original program was somewhat of a hack, and thus hard to maintain, and because the licensing status of the program was unclear.

SEE ALSO

       passwd(1)

pwgen version 2.05						   January 2006 							  PWGEN(1)
All times are GMT -4. The time now is 04:33 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy