
Creating a password hash

Jeff_Traigle
Honored Contributor

Creating a password hash

I have a script on HP-UX that I wrote that generates a hash of an 8-character string with makekey. Although the resulting hash seems to satisfy HP-UX for authenticating, SUSE Linux doesn't like it and won't authenticate until I change the password from the Linux system. (NIS is used so the same hash is used cross-platform.) Ideally, I'd like to keep the hash looking random instead of hard coding a known HP-UX- and SUSE-friendly hash for the default password we use when creating a new account. Any ideas?
--
Jeff Traigle
James R. Ferguson
Acclaimed Contributor
Solution

Re: Creating a password hash

Hi Jeff:

Perhaps:

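# cat ./makepw
#!/usr/bin/perl -l
# Hash the plaintext argument with crypt(), using a random two-character salt
# drawn from the 64-character set [./0-9A-Za-z].
die "One arg expected\n" unless @ARGV;
print crypt(
    $ARGV[0],
    join( '',
        ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' )[ rand 64, rand 64 ] )
);
1;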

...run as:

# ./makepw plaintext

Regards!

...JRF...
Andrew Cowan
Honored Contributor

Re: Creating a password hash

This is because the standard hashing algorithms used by the OSes are different. Most Linux variants use MD5 as their standard.
Steven E. Protter
Exalted Contributor

Re: Creating a password hash

Shalom,

It's also known that HP-UX systems with normal security will not authenticate to Linux NIS servers with shadow password.

I'm not even sure it will work if you go trusted or install shadow passwords.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jeff_Traigle
Honored Contributor

Re: Creating a password hash

I'll give that script a try.

The NIS servers (both master and slaves) are HP-UX systems. The Linux systems are only NIS clients.

I found it a bit odd that using makekey to generate the hash would work for HP-UX, but not SUSE... yet changing the password from the Linux client (logged in as root to change the new user's password), created a hash that was decipherable by both platforms. I don't remember if I tried changing the password from the HP-UX systems. Although that won't help the solution, it would be interesting to know the result.
--
Jeff Traigle
Frank Larsen
Occasional Contributor

Re: Creating a password hash

I use this script for generating passwords on SUSE servers:

#!/bin/bash
# Sets the maximum size of the password the script will generate
MAXSIZE=8

# Holds valid password characters. I choose alpha-numeric + the shift-number keyboard keys
# I put escape chars on all the non alpha-numeric characters just for precaution
array1=(
    q w e r t y u i o p a s d f g h j k l z x c v b n m Q W E R T Y U I O P A S D
    F G H J K L Z X C V B N M 1 2 3 4 5 6 7 8 9
)

# Used in conjunction with modulus to keep random numbers in range of the array size
MODNUM=${#array1[*]}

# Keeps track of the number of characters in the password we have generated
pwd_len=0

# The outer while loop starts at 0 and loops till MAXSIZE, creating a passwd char each iteration.
# The shell's $RANDOM variable creates a semi-random unsigned number. This is our entropy. =x
# x simply holds some random unsigned int that will be used to make the character scramble.
# 500 was chosen for speed and nothing else. Leave out the mod 500 if you want or change it.
# The inner loop displays the password characters. Tput keeps the cursor in the proper position.
# Mod MODNUM keeps the random number inside the size of the array so it doesn't over index.
PASSWORD=""
while [ $pwd_len -lt $MAXSIZE ]
do
    # +1 so the inner loop always runs at least once and index is always set
    x=$((RANDOM % 500 + 1))
    y=0
    while [ $y -lt $x ]
    do
        ((y++))
        index=$((RANDOM % MODNUM))
    done
    PASSWORD="${PASSWORD}${array1[$index]}"
    ((pwd_len++))
done

# Crypt password
PASSWORDCRYPT=$(openssl passwd "$PASSWORD")
Jeff_Traigle
Honored Contributor

Re: Creating a password hash

Nice. Both the perl script and the "openssl passwd" command seemed to create hashed passwords that both HP-UX and SUSE were happy with. Think I'll go with the openssl option though. One less script to worry about and doesn't require generating the seed characters.
--
Jeff Traigle
Jeff_Traigle
Honored Contributor

Re: Creating a password hash

*Grumble*

Ok. Now I'm thinking my original algorithm with makekey worked for the hash too.

Here's what I've narrowed the problem to now that I've played with it some more...

Once the hash is created, I append ",..." to immediately expire the password so the user is forced to change it when they first log in. This works fine on the HP-UX systems. The Linux systems can't handle this.

If I log in to an HP-UX system and change the password, the hash created for the new password is also not recognized by the Linux systems.
--
Jeff Traigle
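
An added example, not part of the thread and not any poster's code: a POSIX shell check that classifies the password field of passwd-format NIS map entries and reports anything other than a plain 13-character crypt(3) hash, including the comma suffix described in the last post. The function names, verdict labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, verdict labels and sample entries are constructed.
LC_ALL=C; export LC_ALL

# classify_pwfield FIELD -> prints "<scheme> <verdict>"
classify_pwfield() {
    field=$1
    hash=${field%%,*}                 # text before the first comma
    has_suffix=no
    case $field in *,*) has_suffix=yes ;; esac

    case $hash in
        '$1$'*)            scheme=md5crypt ;;
        '$'*)              scheme=modular-other ;;
        ''|x|'*'|'!'*)     scheme=no-hash ;;
        *[!./0-9A-Za-z]*)  scheme=unknown ;;
        *)  # traditional crypt(3): 2 salt characters + 11 hash characters
            if [ "${#hash}" -eq 13 ]; then scheme=des-crypt; else scheme=unknown; fi ;;
    esac

    if [ "$has_suffix" = yes ]; then
        verdict=aging-suffix          # comma suffix the thread reports Linux rejecting
    elif [ "$scheme" = des-crypt ]; then
        verdict=portable              # the form both platforms accepted in the thread
    else
        verdict=review                # assumption: check each platform's crypt(3) support
    fi
    echo "$scheme $verdict"
}

# audit_passwd_map: read passwd-format lines on stdin, report non-portable entries
audit_passwd_map() {
    while IFS=: read -r user pwfield _rest; do
        [ -n "$user" ] || continue
        set -- $(classify_pwfield "$pwfield")
        [ "$2" = portable ] || echo "$user $1 $2"
    done
}

# Constructed sample map; the hashes are placeholders, not real passwords
sample_map() {
    cat <<'EOF'
alice:abCDEFGHIJKLM:1001:100::/home/alice:/bin/sh
bob:abCDEFGHIJKLM,...:1002:100::/home/bob:/bin/sh
carol:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV:1003:100::/home/carol:/bin/sh
EOF
}
sample_map | audit_passwd_map
```

On a NIS client the same function can be fed from `ypcat passwd | audit_passwd_map` to list the accounts whose entries need attention before a Linux login is attempted.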