RE: Kickstart User Creation

[John <red computerdatasafe com au>]

On Tue, 29 Apr 2003, Philip Rowlands wrote:

> On Tue, 29 Apr 2003, John wrote:
> 
> >I used this code:
> >summer Numbat:~$ cat bin/pw.encrypt
> >#!/usr/bin/perl -w
> >$passwd = $ARGV[0];
> >$salt = "\$1\$".$ARGV[1]."\$";
> >
> >print(crypt($passwd, $salt)."\n");
> >
> >to generate encrypted passwords for one of the accounts here, and it
> >doesn't match what is actually used.
> 
> That worked when I wrote it. Let's try with your example:
> 
> ># echo fred | passwd --stdin fred
> ># grep fred /etc/shadow
> >fred:$1$iyQ05jRt$iMf.XwnD7iUhI3Tv45ZPI.:12171:0:99999:7:::
> 
> $ ./mycrypt.pl fred iyQ05jRt
> $1$iyQ05jRt$iMf.XwnD7iUhI3Tv45ZPI.
> 
> ># echo fred | passwd --stdin fred
> ># grep fred /etc/shadow
> >fred:$1$le3EjRvD$CDd82emph.w1nTPnW0k5z1:12171:0:99999:7:::
> 
> $ ./mycrypt.pl fred le3EjRvD
> $1$le3EjRvD$CDd82emph.w1nTPnW0k5z1
> 
> Still works (phew).
> 
> >Different encrypted passwords!!
> 
> Yes, that's the whole point of salt.

The bit I was missing (unless I'm even more confused) and which you
blithely ignored is that the password field contains the salt used.

In _my_ circumstances, this technique is fine.
echo fred | passwd --stdin fred

The perl script might as well generate its own salt rather than allow
the user to provide one.



-- 
Please, reply only to the list.

Join the "Linux Support by Small Businesses" list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb