Re: Automatically generating password for passwd

Alexander Skwar · ‎08-02-2004

Hello.

I'd "like" to migrate a few hundred users into a NIS passwd file of a HP-UX 11.00 server. Since I do not really want to type the password, I'd like to generate it automatically and pass it to passwd. With GNU passwd, I'd be able to use "--stdin" (like in 'echo foo | passwd --stdin bar').

I'm now looking for one of the following:

- a tool, which I can pass the password (or any string) and which will return the crypted password (like "Dk9wOcEq50TRs"), so that I can create a passwd line manually
- a tool, just like useradd, however with the option to also pass a password

This is a "untrusted" (ie. not-trusted *G*) HP-UX 11.00 server.

Thanks a lot,
Alexander

Dino_4 · ‎08-02-2004

Hi,

you said, you'd like to "migrate" the users.

If I understand correct, the users are already created.
In that case, by executing the ypinit the original passwd will be used to create the NIS-Map.
All users will keep their passwords.

You don't have to enter a new password for every user.

Am I missing here something?

Alexander Skwar · ‎08-02-2004

I'm migrating them from a Sun passwd file and would like to force a new password upon them.

Dino_4 · ‎08-03-2004

Hi,

ok, now I understand.

It's possible to create a PW-String and copy it into the passwd.

You create one test-user on the HP-UX system generating a standard password with the option to force a change at first login.
Then you are able to echo this crypted string for every user into the passwd and get your NIS-map.

Its a security issue of course since all users would have the same password until it's changed by the user.

Alexander Skwar · ‎08-03-2004

Well, yeah, I was aware of that option. I'd like to have a different password for every user, though.

Dino_4 · ‎08-03-2004

Ok, how about this one here:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=628521

curt larson_1 · ‎08-03-2004

it is fairly easier to write a script to do this:

1) test your password string for your security requirements, i.e. appropriate length, number of upper case characters, number or digits, etc.

2) make your string 8 characters in length
if it is longer then 8, truncate it to 8.
if less then 8, pad with null characters to get 8 characters.

3) get the two character salt.
the salt characters are the upper and lower case letters, the digits 0-9 and . (dot/period) and / (slash).

you could just use the same two for all the passwords or create an array with the above characters, then array[$RANDOM/512] will give you somewhat random salt characters.

4) encrypt your 10 character string (8 character string and 2 character salt).
print "${password}$salt" | makekey

there is your encrypted password

A. Clay Stephenson · ‎08-03-2004

Here's a Perl script to do it and it automatically creates a random salt value:

For each line of stdin plaintext, it generates a crypted passwd:

PLAINTEXT="secret"
PWHASH=$(echo "${PLAINTEXT}" | makepw.pl)
echo "${PLAINTEXT} -> ${PWHASH}"

If it ain't broke, I can fix that.

A. Clay Stephenson · ‎08-03-2004

Here's a Perl script to do it and it automatically creates a random salt value:

For each line of stdin plaintext, it generates a crypted passwd:

PLAINTEXT="secret"
PWHASH=$(echo "${PLAINTEXT}" | makepw.pl)
echo "${PLAINTEXT} -> ${PWHASH}"

If it ain't broke, I can fix that.

Kenneth_19 · ‎08-03-2004

Hi,

Here is a c program that will generate encrypted password you supplied, or return a random generated password with in plain and encrypted format, example:

# encrypt
OKFBrfm:WkBJX5PPU8LzY

The output can be divided into two portions with the delimiter ":", the first portion is the random generated password, and the second part is the encrypted string of the password.

Well, there is a bug in this program. In case you got a "/" in the encryted value, please discard it, as I found that it will cause problem when placed in the passwd file:

# encrypt
m6kw6NR:lGG/UBe.vDACQ <- DISCARD!!!

If you want it to encrypt a password you specify, say "1234567" you can:

# encrypt
1234567:webdcfoCllqDQ

Always take care of your dearest before it is too late

Pepe Jimenez Muñoz · ‎08-03-2004

Hi Alexander,

we use "expect" to do this.

#!/usr/local/bin/expect -f
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd, yo
# I modify this, the 3 parameter is the old password
#
# This is the HP-UX dialog for passwd command:
# Old passwd:
# New password:
# Re-enter new password:

set newpassword [lindex $argv 1]
spawn /usr/bin/passwd [lindex $argv 0]
expect "New password:"
send "$newpassword\r"
expect "Re-enter new password:"
send "$newpassword\r"
expect eof

You can find more information in http://expect.nist.gov/

Hope this help.

ppviso

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Automatically generating password for passwd

Automatically generating password for passwd