Lost User Account Passwords

Felipe Alfaro Solana felipe_alfaro at linuxmail.org
Wed Feb 2 19:22:51 UTC 2005


On 2 Feb 2005, at 19:49, Thomas Cameron wrote:

> ----- Original Message ----- From: "Tim Alberts" 
> <talberts at msiscales.com>
> To: <fedora-list at redhat.com>
> Sent: Wednesday, February 02, 2005 11:32 AM
> Subject: Lost User Account Passwords
>
>
>> I'm running apache on a FC3 linux box.  I'm trying to make user 
>> password
>> control more available.  I know the passwd command to change user
>> passwords.  My question is, if a user enters a password and they 
>> forget
>> it, how can they get the password back out of the system without just
>> re-entering a new one?
>>
>> Specifically, I'm using Linux-PAM with shadow passwords.  I don't want
>> to give users root access.  I'm really trying to create a cgi/bash
>> script that a user can enter their email address and it will email 
>> them
>> there password.  Seems like a simple thing to do, but I haven't seen a
>> command to retreive a current user password from Linux-PAM/shadow
>> passwords.  I could use a MySQL database to keep track of this stuff,
>> but I prefer to use the security that Linux already provides.  Plus,
>> then I've got plain text passwords in a database or even if I 
>> encrypted
>> them in the database, I have the passwords in two places and then
>> there's the risk of them getting out of sink (however small a risk).
>
> They really can't get their passwords back (at least not easily).  The 
> best way to do it would be to have a script which generates a new 
> password and mails it to them.  To generate quasi-random passwords I 
> use a command like:
>
> ps ax | md5sum | cut -c 1-8

Better yet...

dd if=/dev/urandom bs=1 count=32 | md5sum | cut -c1-8




More information about the fedora-list mailing list