RE: Kickstart User Creation

[John <red computerdatasafe com au>]

On Mon, 28 Apr 2003, Joshi, Vinay (MED, GEMS-IT) wrote:

> I dont know the issue with encrypted passwds. As said before can be
> picked up from shadow file.
> or if you really want..  generate it .Create an executable ( compiled 4
> line C code, using crypt(), and seed as same as supplied passwd
> generates the system passwds)
>  

One thing bothers me no end. These passwords are generated with a salt.
I've looked that the code (on Debian, that being to hand), and I see
where the salt is a somewhat-randomly-generated string.

I used this code:
summer Numbat:~$ cat bin/pw.encrypt
#!/usr/bin/perl -w
$passwd = $ARGV[0];
$salt = "\$1\$".$ARGV[1]."\$";

print(crypt($passwd, $salt)."\n");
summer Numbat:~$

to generate encrypted passwords for one of the accounts here, and it
doesn't match what is actually used.

But then, I have the same root password on two RHL boxes, and the values
in /etc/shadow differ too.

So how does the checking work?

Using the excellent advice to use the passwd command:
[root quokka root]# useradd fred
[root quokka root]# echo fred | passwd --stdin fred
Changing password for user fred.
passwd: all authentication tokens updated successfully.
[root quokka root]# grep fred /etc/shadow
fred:$1$iyQ05jRt$iMf.XwnD7iUhI3Tv45ZPI.:12171:0:99999:7:::
[root quokka root]#


Works well, but ...
[root gw root]# useradd fred
[root gw root]# echo fred | passwd --stdin fred
Changing password for user fred
passwd: all authentication tokens updated successfully
[root gw root]# grep fred /etc/shadow
fred:$1$le3EjRvD$CDd82emph.w1nTPnW0k5z1:12171:0:99999:7:::
[root gw root]#

Different encrypted passwords!!




> 
> -----Original Message-----
> From: John [mailto:red computerdatasafe com au]
> Sent: Monday, April 28, 2003 1:10 AM
> To: 'kickstart-list redhat com'
> Subject: Re: Kickstart User Creation
> 
> 
> On Mon, 28 Apr 2003, Gareth Bromley wrote:
> 
> > On Sun, 27 Apr 2003, Robert Denton wrote:
> > > useradd -G root -p menace phantom
> > > To create a user by the name of phantom with a the password menace.
> This
> > > didn't work and after a review of the man page associated with
> useradd, it
> > > would seem that if you are going to include the password in this
> command you
> > > need to supply it in an encrypted form (with crypt(3)) and I am not
> quite
> > > certain how to do that.  I also considered going the other route:
> > > useradd -G root phantom
> > > passwd phantom
> > > But that requires further interaction and this doesn't seem to be
> possible
> > > in a kickstart post installation script.  Has anyone tried this at
> all? I
> > > would appreciate any advice regarding the best way to do this.
> > The best way is to make use of the usermod and associated tools.
> > 
> > e.g.
> > /usr/sbin/useradd myuser
> > chfn -f 'A User' myuser
> > /usr/sbin/usermod -p '$1$CrackThisOnePlease!!' myuser
> 
> That requires an encrypted password, just the problem Robert wants to
> overcome.
> 
> 
> 

-- 
Please, reply only to the list.

Join the "Linux Support by Small Businesses" list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb