HPE Community
Operating System - HP-UX
1825007 Members
2900 Online
109678 Solutions
New Discussion юеВ

Automatically generating password for passwd

 
SOLVED
Go to solution
Alexander Skwar
Frequent Advisor

тАО08-02-2004 09:42 PM

тАО08-02-2004 09:42 PM

Automatically generating password for passwd

Hello.

I'd "like" to migrate a few hundred users into a NIS passwd file of a HP-UX 11.00 server. Since I do not really want to type the password, I'd like to generate it automatically and pass it to passwd. With GNU passwd, I'd be able to use "--stdin" (like in 'echo foo | passwd --stdin bar').

I'm now looking for one of the following:

- a tool, which I can pass the password (or any string) and which will return the crypted password (like "Dk9wOcEq50TRs"), so that I can create a passwd line manually
- a tool, just like useradd, however with the option to also pass a password

This is a "untrusted" (ie. not-trusted *G*) HP-UX 11.00 server.

Thanks a lot,
Alexander
0 Kudos
Reply
10 REPLIES 10
Dino_4
Frequent Advisor

тАО08-02-2004 10:47 PM

тАО08-02-2004 10:47 PM

Re: Automatically generating password for passwd


Hi,

you said, you'd like to "migrate" the users.

If I understand correct, the users are already created.
In that case, by executing the ypinit the original passwd will be used to create the NIS-Map.
All users will keep their passwords.

You don't have to enter a new password for every user.

Am I missing here something?
0 Kudos
Reply
Alexander Skwar
Frequent Advisor

тАО08-02-2004 10:55 PM

тАО08-02-2004 10:55 PM

Re: Automatically generating password for passwd

I'm migrating them from a Sun passwd file and would like to force a new password upon them.
0 Kudos
Reply
Dino_4
Frequent Advisor

тАО08-03-2004 12:07 AM

тАО08-03-2004 12:07 AM

Re: Automatically generating password for passwd


Hi,

ok, now I understand.

It's possible to create a PW-String and copy it into the passwd.

You create one test-user on the HP-UX system generating a standard password with the option to force a change at first login.
Then you are able to echo this crypted string for every user into the passwd and get your NIS-map.

Its a security issue of course since all users would have the same password until it's changed by the user.
0 Kudos
Reply
Alexander Skwar
Frequent Advisor

тАО08-03-2004 12:09 AM

тАО08-03-2004 12:09 AM

Re: Automatically generating password for passwd

Well, yeah, I was aware of that option. I'd like to have a different password for every user, though.
0 Kudos
Reply
Dino_4
Frequent Advisor

тАО08-03-2004 01:08 AM

тАО08-03-2004 01:08 AM

Re: Automatically generating password for passwd


Ok, how about this one here:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=628521
0 Kudos
Reply
curt larson_1
Honored Contributor

тАО08-03-2004 01:34 AM

тАО08-03-2004 01:34 AM

Re: Automatically generating password for passwd

it is fairly easier to write a script to do this:

1) test your password string for your security requirements, i.e. appropriate length, number of upper case characters, number or digits, etc.

2) make your string 8 characters in length
if it is longer then 8, truncate it to 8.
if less then 8, pad with null characters to get 8 characters.

3) get the two character salt.
the salt characters are the upper and lower case letters, the digits 0-9 and . (dot/period) and / (slash).

you could just use the same two for all the passwords or create an array with the above characters, then array[$RANDOM/512] will give you somewhat random salt characters.

4) encrypt your 10 character string (8 character string and 2 character salt).
print "${password}$salt" | makekey

there is your encrypted password
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО08-03-2004 11:04 AM

тАО08-03-2004 11:04 AM

Solution

Re: Automatically generating password for passwd

Here's a Perl script to do it and it automatically creates a random salt value:

For each line of stdin plaintext, it generates a crypted passwd:

PLAINTEXT="secret"
PWHASH=$(echo "${PLAINTEXT}" | makepw.pl)
echo "${PLAINTEXT} -> ${PWHASH}"

If it ain't broke, I can fix that.
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО08-03-2004 11:04 AM

тАО08-03-2004 11:04 AM

Re: Automatically generating password for passwd

Here's a Perl script to do it and it automatically creates a random salt value:

For each line of stdin plaintext, it generates a crypted passwd:

PLAINTEXT="secret"
PWHASH=$(echo "${PLAINTEXT}" | makepw.pl)
echo "${PLAINTEXT} -> ${PWHASH}"

If it ain't broke, I can fix that.
0 Kudos
Reply
Kenneth_19
Trusted Contributor

тАО08-03-2004 12:54 PM

тАО08-03-2004 12:54 PM

Re: Automatically generating password for passwd

Hi,

Here is a c program that will generate encrypted password you supplied, or return a random generated password with in plain and encrypted format, example:

# encrypt
OKFBrfm:WkBJX5PPU8LzY

The output can be divided into two portions with the delimiter ":", the first portion is the random generated password, and the second part is the encrypted string of the password.

Well, there is a bug in this program. In case you got a "/" in the encryted value, please discard it, as I found that it will cause problem when placed in the passwd file:

# encrypt
m6kw6NR:lGG/UBe.vDACQ <- DISCARD!!!

If you want it to encrypt a password you specify, say "1234567" you can:

# encrypt
1234567:webdcfoCllqDQ
Always take care of your dearest before it is too late
Reply
Pepe Jimenez Mu├▒oz
Frequent Advisor

тАО08-03-2004 06:25 PM

тАО08-03-2004 06:25 PM

Re: Automatically generating password for passwd

Hi Alexander,

we use "expect" to do this.

#!/usr/local/bin/expect -f
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd, yo
# I modify this, the 3 parameter is the old password
#
# This is the HP-UX dialog for passwd command:
# Old passwd:
# New password:
# Re-enter new password:

set newpassword [lindex $argv 1]
spawn /usr/bin/passwd [lindex $argv 0]
expect "New password:"
send "$newpassword\r"
expect "Re-enter new password:"
send "$newpassword\r"
expect eof

You can find more information in http://expect.nist.gov/

Hope this help.
ppviso
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.