Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Encrypting password
Operating Systems AIX Encrypting password Post 59324 by gull04 on Thursday 16th of December 2004 08:08:16 AM
Old 12-16-2004
Hi Justman,

I only just joined this forum, but have recently completed a similar exercise.

I have a script and a "c" program that was used to migrate users with the encrypted passwords to a P690 running AIX 5.2. With some slight modification the following should work.

Here is the code for pass.c

===============snip================
#include <stdio.h>
#include <pwd.h>
struct passwd *getpwnam();
main(int argc, char **argv)
{
char salt[3], pass[20], cpass[20];
strcpy(salt,"yM");
strcpy(pass,argv[1]);
strcpy(cpass,crypt(pass,salt));
puts(cpass);
}
================snip===============

Here is one way of using the password stuff.

================snip===============
#!/usr/bin/ksh
#############################################################################
#
# adduser.ksh #
# Description: Adds new users to the system group and sets up initial
# password.
#
# Usage: adduser.ksh < input_file
# where input_file has the format:-
# username userid groupid firstname lastname
#
# Co-Reqs: pass (generate encrypted password)
# gettime (returns seconds since epoch)
#
#############################################################################

#############################################################################
#
# must have root access to run this
#
#############################################################################

if [[ ${LOGNAME} != 'root' ]]
then
print "You must be root to run this"
exit 1;
fi

#############################################################################
#
# define location of binaries
#
#############################################################################

BINDIR=/home/davem/bin

#############################################################################
#
# Make a copy of the user security files to regress the changes made by
# this script all that is required is to copy the files back from the .orig
# versions.
#
#############################################################################

cp /etc/passwd /etc/passwd.orig
cp /etc/security/passwd /etc/security/passwd.orig
cp /etc/group /etc/group.orig


#############################################################################
#
# Start processing the users to be created, echo each to the screen.
#
#############################################################################

read user id group fullname
while [ "$user" != "" ];do
print "User: $user\t\tid: $id\t\tGroup: $group\t\tName: $fullname"
mkuser id=$id pgrp=$group groups=$group,staff,system gecos="$fullname" $user
cat /etc/passwd | sed "/^$user:/s/:\*:/:\!:/" > /etc/passwd.new
mv /etc/passwd.new /etc/passwd
if [ `cat /etc/security/passwd | grep -c "^$user:"` != "1" ];then
print "\n$user:" >> /etc/security/passwd
print "\tpassword = "`$BINDIR/pass CH4ng3me` >> /etc/security/passwd
print "\tlastupdate = "`$BINDIR/gettime` >> /etc/security/passwd
print "\tflags = ADMCHG" >> /etc/security/passwd
fi
read user id group fullname
done


chown root /etc/passwd
chgrp security /etc/passwd
chmod 664 /etc/passwd

exit 0;

==================snip====================

With a little modification it should be possible to do what you require with the pass program.

Rgds

Dave
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

encrypting Unix flatfile

Hi, I am new to unix. I have a flat file that needs to be pgp encyrpted in ASCII format and ftped in Ascii format to remote location. Can any one tell me the steps involved in the pgp encryption of the unix file. I will really appreciate if any one can help me with the pgp encryption shell... (1 Reply)
Discussion started by: rkumar28
1 Replies

2. Shell Programming and Scripting

Encrypting a password for shell script

All, I want to encrypt a database system administration password into a file or environment variable. Then, I want to decrypt the password from the file or environment variable so nobody sees the clear text password. For example, I have the database password of developement. I need to... (1 Reply)
Discussion started by: bubba112557
1 Replies

3. UNIX for Advanced & Expert Users

encrypting files in ksh

I have an ascii file that I want to encrypt and save. I have seen this done before, but cannot remember how, nor can I find anything in any of my manuals or online help. Any ideas how to do this? Thanks, Henry (6 Replies)
Discussion started by: hwollman53
6 Replies

4. Solaris

Encrypting a script......

Hiiiiii..... every one..... I have written a script, and i want to make that script confidential.So that, only i can see that script. I am using " crypt " command in solaris 9, to encrypt that script.But when i am executing this... (6 Replies)
Discussion started by: prashantshukla
6 Replies

5. Shell Programming and Scripting

Encrypting the login password on Solaris 10

Hi, Could you pls. help me in encryting a database password on Solaris 10 Box. eg : username : test password : t est123 The request is to encrypt the test123 so that no one can understand the what the password is ? thanks (7 Replies)
Discussion started by: krackjack
7 Replies

6. Shell Programming and Scripting

Encrypting the password

Iam using the teradata... and running the scripts in unix, I wan to encrypt the teradata password in Unix... my hostname is : bprod usename: KRN777 passwrd: passwrd can ant one tell me the exact command to encrypth the passwrd.... thanks, (5 Replies)
Discussion started by: nani1984
5 Replies

7. Shell Programming and Scripting

Encrypting password

Hello All, I need to accept a password from the user and validate it, without having to hard-code it anywhere. Any ideas? (3 Replies)
Discussion started by: optimus_1
3 Replies

8. Programming

Encrypting/Decrypting passwords

I know that simply encrypting and decrypting passwords in a script is as bad as storing them in plain text, but I've been searching for an answer to this for a few days now, and haven't found an answer that fits the problem I'm having. Here's the scenario. I'll give more details than I think may... (3 Replies)
Discussion started by: mdrisser
3 Replies

9. Solaris

Encrypting or maksing password in cron

Hello experts, I am an PLM application admin, use AIX/SOlaris servers where application is installed to schedule a cron in my system this what i do Login to AIX/Unix system using an OS account, Schedule a service to execute the required script - The script will have a PLM utility and... (4 Replies)
Discussion started by: kraghum
4 Replies

10. High Performance Computing

Encrypting interconnect

Hi, i've got a qusetion regarding interconnect of compute nodes. In our company we are running a Simulation Cluster which is administrated by the Simulation department. Now our central IT requires to encrypt the interconnect of the compute nodes. Does anybody in that business encrypt... (3 Replies)
Discussion started by: fiberkill
3 Replies

LEARN ABOUT CENTOS

d_passwd

d_passwd(4)							   File Formats 						       d_passwd(4)

NAME

       d_passwd - dial-up password file

SYNOPSIS

       /etc/d_passwd

DESCRIPTION

       A  dial-up  password is an additional password required of users who access the computer through a modem or dial-up port. The correct pass-
       word must be entered before the user is granted access to the computer.

       d_passwd is an ASCII file which contains a list of executable programs (typically shells) that require a dial-up password and  the  associ-
       ated encrypted passwords. When a user attempts to log in on any of the ports listed in the dialups file (see dialups(4)), the login program
       looks at the user's login entry stored in the passwd file (see passwd(4)), and compares the login shell field to the entries  in  d_passwd.
       These entries determine whether the user will be required to supply a dial-up password.

       Each entry in d_passwd is a single line of the form:

       login-shell:password:

       where

       login-shell     The name of the login program that will require an additional dial-up password.

       password        An  encrypted  password. Users accessing the computer through a dial-up port or modem using login-shell will be required to
		       enter this password before gaining access to the computer.

       d_passwd should be owned by the root user and the root group. The file should have read and write permissions for the owner (root) only.

       If the user's login program in the passwd file is not found in d_passwd or if the login shell field in passwd is empty, the user must  sup-
       ply  the  default  password.  The default password is the entry for /usr/bin/sh. If d_passwd has no entry for /usr/bin/sh, then those users
       whose login shell field in passwd is empty or does not match any entry in d_passwd will not be prompted for a dial-up password.

       Dial-up logins are disabled if d_passwd has only the following entry:

       /usr/bin/sh:*:

EXAMPLES

       Example 1: Sample d_passwd file.

       Here is a sample d_passwd file:

       /usr/lib/uucp/uucico:q.mJzTnu8icF0:
       /usr/bin/csh:6k/7KCFRPNVXg:
       /usr/bin/ksh:9df/FDf.4jkRt:
       /usr/bin/sh:41FuGVzGcDJlw:

   Generating An Encrypted Password
       The passwd (see passwd(1)) utility can be used to generate the encrypted password for each login program. passwd generates encrypted  pass-
       words  for  users  and places the password in the shadow (see shadow(4)) file. Passwords for the d_passwd file will need to be generated by
       first adding a temporary user id using useradd (see useradd(1M)), and then using passwd(1) to generate the desired password in  the  shadow
       file. Once the encrypted version of the password has been created, it can be copied to the d_passwd file.

       For example:

       1.
	   Type useradd tempuser and press Return. This creates a user named tempuser.

       2.  Type passwd tempuser and press Return. This creates an encrypted password for tempuser and places it in the shadow file.

       3.  Find the entry for tempuser in the shadow file and copy the encrypted password to the desired entry in the d_passwd file.

       4.  Type userdel tempuser and press Return to delete tempuser.

       These steps must be executed as the root user.

FILES

       /etc/d_passwd	       dial-up password file

       /etc/dialups	       list of dial-up ports requiring dial-up passwords

       /etc/passwd	       password file

       /etc/shadow	       shadow password file

SEE ALSO

       passwd(1), useradd(1M), dialups(4), passwd(4), shadow(4)

WARNINGS

       When  creating  a  new  dial-up password, be sure to remain logged in on at least one terminal while testing the new password. This ensures
       that there is an available terminal from which you can correct any mistakes that were made when the new password was added.

SunOS 5.10							    2 Sep 2004							       d_passwd(4)
All times are GMT -4. The time now is 05:24 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy