HPE Community
Operating System - HP-UX
1753396 Members
7292 Online
108792 Solutions
New Discussion юеВ

Re: Ways to encrypt passwd in shell script

 
SOLVED
Go to solution
Ivan Ferreira
Honored Contributor

тАО01-18-2006 11:34 PM

тАО01-18-2006 11:34 PM

Re: Ways to encrypt passwd in shell script

I wonder if you run "strings" over the shm file, will be able to see the username and password.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Frank de Vries
Respected Contributor

тАО01-18-2006 11:40 PM

тАО01-18-2006 11:40 PM

Re: Ways to encrypt passwd in shell script

Interesting extra intelligence, could
be handy to know.
I presume shm files are the extended tables ?

I value your input.

Knowledge = power = $$$$$
Look before you leap
0 Kudos
Reply
Arturo Galbiati
Esteemed Contributor

тАО01-19-2006 09:24 PM

тАО01-19-2006 09:24 PM

Re: Ways to encrypt passwd in shell script

Hi Frank,
I had in the past your same problem.
To fix this I put all the datbase passwords in a file crypted *I handle it using vi -x).
To get the password in the script I develloped a script that giving in input the user retrun the password in clear.
Let me know if you are intersted in this and I can post it.
(I like avoind post unrequested script).
HTH,
Art
0 Kudos
Reply
Frank de Vries
Respected Contributor

тАО01-19-2006 09:29 PM

тАО01-19-2006 09:29 PM

Re: Ways to encrypt passwd in shell script

Arturo
Yes that could solve a lot of time and admin
for me , thanks !!
Look before you leap
0 Kudos
Reply
Arturo Galbiati
Esteemed Contributor

тАО01-20-2006 02:36 AM

тАО01-20-2006 02:36 AM

Re: Ways to encrypt passwd in shell script

Hi,
these are the files I use.
1].
Create a directory ACCESS under unix user i.e.: pwdadm
/home/pwdadm/ACCESS

1].create the crypted file .access:

vi -x your_key access.dat
# Record format: unix_user;key;value
# The separator MUST be ';', space is a valid character
pwdadm;logon;password
#eof

logon is the database user and passowrd is teh user password

3]. created the parameter file .access
#!/usr/bin/ksh
export AccKey=your_key
export AccUsr=$(whoami)
#eof

4. create the script access.ksh:
#!/usr/bin/ksh
typeset -l ScrStr="${AccUsr};${1}"
#
AccFil=/home/pwdadm/ACCESS/access.dat
AccKey=${AccKey:-dummy}
AccVal=$(crypt $AccKey<$AccFil|awk -F"${ScrStr};" '/'$ScrStr'/ {print $2}')
if [[ -z "$AccVal" ]] ;then
echo "********"
exit 1
else
echo "$AccVal"
fi
#eof

the files should be these permissions:
-rwxr-xr-x .access
-rw-r--r-- access.dat
-rwxr-xr-x access.ksh

and the directories msut be readabel by all
(if you want to use this way in each Unix user, otherwise decide different permission)
Take care to add the path in your $PATH so any users can use it.

in your script you have to use:
. access
Oracle_password=$(access.ksh oracle_user)

the script access.ksh retuns the password for the oracle_user if aclled for the unix user pwdadm. You can have same user/password for different unix users.

HTH,
Art

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.