
Re: [K12OSN] Password file



IMO, the better way to do this is not to modify these files directly. There are utilities on your system to handle adding users without going through the hassle of directly modifying those files. Automating those utilities is the key. Attached please find a Perl script that I use to add users in bulk. It uses the newusers command to add Linux users, and smbpasswd to add Samba users. The input file is their username (we use their student IDs), a tab, and then their real name ("Bob Jones").

You'll also need to know the next ID number that should start this batch. You can get that from /etc/passwd by finding the largest UID and adding one. The following one-liner from the command line will get you that highest UID:

cut -d ":" -f 3 /etc/passwd | sort -n | tail -1

You'll probably need to tweak the script a bit - for example, on the system I pulled this from we're using quotas, so if you're not using quotas, you'll need to remove that small section.

A few words of caution:

1) This script does not try to be secure. It writes a temporary file for each student out to the current directory, and then immediately deletes it after use, but during that time there is the potential for someone else to read that file. I recommend locking down the system while you do the import.

2) My password generation routine is nowhere near as secure as the one Eric was using. I elected not to use completely random passwords, which significantly reduces the password space (but makes it easier for users to memorize their password) - this also makes it easier to brute force attack your server.

3) In an attempt to avoid automatically generating "offensive" passwords, there is an array in my script that is nothing but a list of "bad" words to not use - please do not be offended when you read the script :)

4) The script outputs a file (inputfilename.pwl) with all of the student names and their plain-text passwords. We use this file to generate business-sized cards from a database program for the students to have. It represents a security risk, so be mindful.

I hope this helps!

Jennifer Waters wrote:
Eric Harrison wrote a perl script for me to create a
password file.  I needed one that would create a
password file of all the students in the school,
without me having to hand input the names and
passwords.  Eric did this and it worked great.  It
created a name and password for each student.  The
only problem is that it does not create a shadow file.
 Without the shadow file, we cannot access the names
that have been created.  I have been working on this
for almost two years, but I know I am getting closer
to having a finished product that I can use without a
lot of fuss.  I needed something that is easy to use
and others can use if I am not here.  I tried using
some other suggestions, but I couldn't seem to get
them working and you still had to create the password
yourself.  This I did not want to do with almost 1,300
names.

I still need to add to the shadow file and samba
password file. I have a lot of Windows 98 and 2000
machines. The Windows 98 machines are easy to use,
but the Windows 2000 machines are real stinkers. I
still haven't figured what and how I need to do to
connect these machines to my LTSP servers. In Windows
2000 you have to log in and it looks at a file on the
computer, but I want it to look at the server. I need
to learn how to do this. I received recommendations
earlier, but I couldn't quite figure out what to do. Can someone give me directions that are very simple?


--
      _             _    _       _     _       chris clanhobbs org
     | |           | |  | |     | |   | | http://www.clanhobbs.org
  ___| | __ _ _ __ | |__| | ___ | |__ | |__  ___   ___  _ __ __ _
 / __| |/ _` | '_ \|  __  |/ _ \| '_ \| '_ \/ __| / _ \| '__/ _` |
| (__| | (_| | | | | |  | | (_) | |_) | |_) \__ \| (_) | | | (_| |
 \___|_|\__,_|_| |_|_|  |_|\___/|_.__/|_.__/|___(_)___/|_|  \__, |
                                                             __/ |
                                                            |___/
#!/usr/bin/perl

# Input file in the form of ID\tDescription Field

unless (@ARGV == 2) {
	print "\n   Usage: $0 input_file num_id\n\n";
	die "\n";
}

# Load in info from input file

# 'or' binds more loosely than '||', so die actually fires when open fails
open (NEWUSERS, $ARGV[0]) or die "Unable to open input file: $!";
@newusers = <NEWUSERS>;
close NEWUSERS;

# Set up for password generator

@badwords = qw/ass bra die fag fat gay god hag jew pot sex tit acne anal
		anus babe beer boob bras buns butt cock coon damn dike
		dope drug dung dyke fags fats geld gods gore gory hate hebe
		hell hoar homo hump hung jews jerk jugs kill kink kiss klan
		klux lacy laid leek lewd lick lust mama moan muff nazi nude
		orgy piss pimp puke puss rape rump sexy shit smut suck stud
		tits ugly womb/;

for (@badwords) {$is_badword{$_} = 1}

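# Stop if the word list is missing; otherwise every password would be a lone symbol
open (DICT, "/usr/dict/linux.words") or die "Unable to open word list: $!";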
foreach (<DICT>) {
	chomp;
	if ((length($_) == 3) && ($is_badword{lc($_)} != 1)) {push @three, $_}
	if ((length($_) == 4) && ($is_badword{lc($_)} != 1)) {push @four, $_}
}
close DICT;

@nums = qw/! @ # $ % ^ & * ( ) - _ + = \\ \/ ; ' " [ ] { }/;

# First uid to use - from command line

$num_id = $ARGV[1];


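foreach (@newusers) {
	chomp;
	next unless length;	# skip blank lines

	# First field is the username; the rest of the line is the real name
	($uid, @name) = split (/\t/);
	$desc = join (" ", @name);

	# $uid is interpolated into shell commands below, so accept only safe names
	unless ($uid =~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/) {
		warn "Skipping unsafe username: $uid\n";
		next;
	}
	$clr_txt_passwd = gen_passwd ();
	open (TEMP_ONE, ">temp_one") or die "Unable to open first output file: $!\n";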

	# Output temporary file for newusers command

	print TEMP_ONE "${uid}:${clr_txt_passwd}:${num_id}:student:${desc}:/home/${uid}:/bin/bash\n";
	close TEMP_ONE;

	# Run newusers command on one line file temp_one

	print `/usr/sbin/newusers temp_one\n`;

	# Unlink temp_one file

	unlink "temp_one";
	
	# Output uid and password to list...

	open (STUDENT_LIST, ">>$ARGV[0].pwl") or die "Unable to open password list: $!\n";
	print STUDENT_LIST "$uid\t$clr_txt_passwd\t$desc\n";
	close STUDENT_LIST;

	# Add user to smbpasswd...
#	sleep(1);

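	open (SMB_TEMP, ">smb_temp") or die "Unable to open smb_temp: $!\n";
	print SMB_TEMP "$clr_txt_passwd\n$clr_txt_passwd";
	close SMB_TEMP;
	print `/usr/bin/smbpasswd -a -n $uid\n`;
	# Read the password back from the same smb_temp file that was just written
	print `/usr/bin/smbpasswd -s $uid < smb_temp`;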
	unlink "smb_temp";

	# Set user quota

	print `/usr/sbin/edquota -p ttest $uid\n`;

	$num_id++;
}

sub gen_passwd () {

	$threeleft = int (rand() + 0.5);
	$upperleft = int (rand() + 0.5);

	if ($threeleft) {
		if ($upperleft) {
			$pass = uc ($three[rand(@three)]);
			$pass .= $nums[rand(@nums)];
			$pass .= lc ($four[rand(@four)]);
		} else {
			$pass = lc ($three[rand(@three)]);
			$pass .= $nums[rand(@nums)];
			$pass .= uc ($four[rand(@four)]);
		}
	} else {
		if ($upperleft) {
			$pass = uc ($four[rand(@four)]);
			$pass .= $nums[rand(@nums)];
			$pass .= lc ($three[rand(@three)]);
		} else {
			$pass = lc ($four[rand(@four)]);
			$pass .= $nums[rand(@nums)];
			$pass .= uc ($three[rand(@three)]);
		}
	}
			
	return $pass;
}
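
Added example, not part of the original post or its attached script: one way to close the exposures named in cautions 1 and 4, by piping each record to newusers and smbpasswd on standard input instead of writing temp_one and smb_temp, and by keeping the .pwl list readable by its owner only. The helper names (feed_stdin, append_private, add_user), the demo.pwl file and the sample record are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_APPEND O_CREAT);

# Send $input to a command's stdin. Given a program plus arguments, the
# list form of open() runs it directly instead of through a shell, and
# the password is never written to disk.
sub feed_stdin {
	my ($input, @cmd) = @_;
	open(my $pipe, '|-', @cmd) or die "Cannot run $cmd[0]: $!\n";
	print {$pipe} $input;
	close($pipe) or die "$cmd[0] exited with status " . ($? >> 8) . "\n";
	return 1;
}

# Append a record to the password list, keeping the file owner-only.
sub append_private {
	my ($path, $record) = @_;
	sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT, 0600)
		or die "Cannot open $path: $!\n";
	chmod(0600, $path) or die "Cannot chmod $path: $!\n";	# tighten a pre-existing file
	print {$fh} $record;
	close($fh) or die "Cannot write $path: $!\n";
	return (stat($path))[2] & 07777;
}

# Create one Linux and Samba account without temporary password files.
# Must run as root on a host that has newusers and smbpasswd.
sub add_user {
	my ($uid, $passwd, $num_id, $desc, $list) = @_;
	die "Unsafe username '$uid'\n" unless $uid =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
	die "Unsafe character in password or name\n" if "$passwd$desc" =~ /[:\r\n]/;
	# newusers reads standard input when it is given no file name
	feed_stdin("${uid}:${passwd}:${num_id}:student:${desc}:/home/${uid}:/bin/bash\n",
		'/usr/sbin/newusers');
	system('/usr/bin/smbpasswd', '-a', '-n', $uid) == 0
		or die "smbpasswd -a failed for $uid\n";
	feed_stdin("$passwd\n$passwd\n", '/usr/bin/smbpasswd', '-s', $uid);
	return append_private($list, "$uid\t$passwd\t$desc\n");
}

# Constructed demonstration of the two helpers; needs no root.
feed_stdin("1001:CAT#door:5001:student:Bob Jones:/home/1001:/bin/bash\n", '/usr/bin/wc', '-c');
printf "list file mode: %04o\n", append_private("demo.pwl", "1001\tCAT#door\tBob Jones\n");
unlink "demo.pwl";
```

The plain-text list still exists after the run, so it should be moved off the server or deleted once the cards are printed.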
