Printing shadow passwords
Hello, I am using a program which can autheticate against /etc/shadow or against another file with the same structure. This requires that I be able to put the encrypted passwords in /usr/local/mydaemon/etc/shadow. However, I am at a loss at how I can use shadow utils to mainupulate passwords in a file other than /etc/* ones. Basically I need a program or a method where I can type: passwd -u myuser -p mypassword -f /usr/local/mydaemon/etc/shadow and similar for useradd and groupadd tools also. I checked the standard utils, and they dont let you change the files they are manipulating. (Probably compiled in). I dont want to recompile those tools either because this manipulation is for only one daemon anyways and I dont want to wreck my basic admin tools. If no such tools or methods are available I would even settle for a program that does this: #example:>showpass -u myuser -p mypassword Password is: A23jf8624 #example:> Or however a shadow password would turn out for the password "mypassword". That way I could even just copy/paste it in the file by hand, which is fine by me. I've memorized howto manipulate shadow files, but not how to shadow encrypt by hand ;) Thanks in advance. I really dont want to hack up a prog in C and read the shadow-utils source for such a simple problem. ------------------------- Eric Bambach Eric at cisu dot net -------------------------
Have you considered just setting up a cron job to copy /etc/shadow wherever you need it? This could be done as often as you think would be required. If done through a shell script, the shell script could be executed manually as well when needed. As far as the shadow password itself, just copy paste the string if you like, or the entire line. Since it is a one way algortihm it cannot be reversed. On Thursday 25 December 2003 19:09, Eric wrote:
Hello, I am using a program which can autheticate against /etc/shadow or against another file with the same structure. This requires that I be able to put the encrypted passwords in /usr/local/mydaemon/etc/shadow. However, I am at a loss at how I can use shadow utils to mainupulate passwords in a file other than /etc/* ones. Basically I need a program or a method where I can type: passwd -u myuser -p mypassword -f /usr/local/mydaemon/etc/shadow and similar for useradd and groupadd tools also. I checked the standard utils, and they dont let you change the files they are manipulating. (Probably compiled in). I dont want to recompile those tools either because this manipulation is for only one daemon anyways and I dont want to wreck my basic admin tools.
If no such tools or methods are available I would even settle for a program that does this: #example:>showpass -u myuser -p mypassword Password is: A23jf8624 #example:> Or however a shadow password would turn out for the password "mypassword". That way I could even just copy/paste it in the file by hand, which is fine by me. I've memorized howto manipulate shadow files, but not how to shadow encrypt by hand ;) Thanks in advance. I really dont want to hack up a prog in C and read the shadow-utils source for such a simple problem. ------------------------- Eric Bambach Eric at cisu dot net -------------------------
On Thursday 25 December 2003 06:20 pm, James Finnall wrote:
Have you considered just setting up a cron job to copy /etc/shadow wherever you need it? This could be done as often as you think would be required. If done through a shell script, the shell script could be executed manually as well when needed.
Well, then why aren't I just authenticating against /etc/shadow? The point is that I want these users very separate from the system files so that the daemon (proftpd) can just read from that. I want a separate file of ftp users since I don't want the users to have any real login access. I don't want to add them to etc/shadow because all the users are contained in one directory and will not create any files outside of this directory. In addition I don't want a long list of FTP users clogging up /etc/shadow alongside login/shell users. Putting the authentication in a separate file goes a long way to organization.
As far as the shadow password itself, just copy paste the string if you like, or the entire line. Since it is a one way algortihm it cannot be reversed.
-- ------------------------- Eric Bambach Eric at cisu dot net -------------------------
On Friday 26 December 2003 01.38, Eric wrote:
On Thursday 25 December 2003 06:20 pm, James Finnall wrote:
Have you considered just setting up a cron job to copy /etc/shadow wherever you need it? This could be done as often as you think would be required. If done through a shell script, the shell script could be executed manually as well when needed.
--- a few things cut --- Pardon my somewhat odd question to this, but why not use LDAP or maybe even NIS for the authentication? Not that i am a pro on LDAP (as a matter of fact i am just opening that book) but i seem to recall that you could group ppl with it. And thus get special login for the FTP services etc... -- /Rikard ------------------------------------------------------------------------------------ Rikard Johnels email : rikjoh@norweb.se Web : http://www.rikjoh.com Mob : +46 70 464 99 39 ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
Am Freitag, 26. Dezember 2003 01:09 schrieb Eric:
I am using a program which can autheticate against /etc/shadow or against another file with the same structure. This requires that I be able to put the encrypted passwords in /usr/local/mydaemon/etc/shadow. However, I am at a loss at how I can use shadow utils to mainupulate passwords in a file other than /etc/* ones. Basically I need a program or a method where I can type: passwd -u myuser -p mypassword -f /usr/local/mydaemon/etc/shadow and similar for useradd and groupadd tools also. I checked the standard utils, and they dont let you change the files they are manipulating. (Probably compiled in). I dont want to recompile those tools either because this manipulation is for only one daemon anyways and I dont want to wreck my basic admin tools.
$ man chroot
If no such tools or methods are available I would even settle for a program that does this: #example:>showpass -u myuser -p mypassword Password is: A23jf8624 #example:>
$ man awk sed -- Andreas
Am Freitag, 26. Dezember 2003 11:04 schrieb Andreas Winkelmann:
I am using a program which can autheticate against /etc/shadow or against another file with the same structure. This requires that I be able to put the encrypted passwords in /usr/local/mydaemon/etc/shadow. However, I am at a loss at how I can use shadow utils to mainupulate passwords in a file other than /etc/* ones. Basically I need a program or a method where I can type: passwd -u myuser -p mypassword -f /usr/local/mydaemon/etc/shadow and similar for useradd and groupadd tools also. I checked the standard utils, and they dont let you change the files they are manipulating. (Probably compiled in). I dont want to recompile those tools either because this manipulation is for only one daemon anyways and I dont want to wreck my basic admin tools.
$ man chroot
Or there is a suse-tool. Normally it is for changing the password of a user from a batchfile. Look at chpasswd (8). This tool has an option to specify another ./etc-Path with -P. -- Andreas
On Friday 26 December 2003 06:05 am, Andreas Winkelmann wrote:
Am Freitag, 26. Dezember 2003 11:04 schrieb Andreas Winkelmann:
I am using a program which can autheticate against /etc/shadow or against another file with the same structure. This requires that I be able to put the encrypted passwords in /usr/local/mydaemon/etc/shadow. However, I am at a loss at how I can use shadow utils to mainupulate passwords in a file other than /etc/* ones. Basically I need a program or a method where I can type: passwd -u myuser -p mypassword -f /usr/local/mydaemon/etc/shadow and similar for useradd and groupadd tools also. I checked the standard utils, and they dont let you change the files they are manipulating. (Probably compiled in). I dont want to recompile those tools either because this manipulation is for only one daemon anyways and I dont want to wreck my basic admin tools.
$ man chroot
Or there is a suse-tool. Normally it is for changing the password of a user from a batchfile. Look at chpasswd (8). This tool has an option to specify another ./etc-Path with -P.
Thanks to all. I ended up just doing authentication via a MYSQL database and using mysqlcc to edit the user entries. There I can keep the data in plaintext anyways. Im kinda disappointed theres not a tool that will dump an encrypted password to stdout given it in stdin. Although I suppose if I knew perl that would be a one/two liner im sure. ------------------------- Eric Bambach Eric at cisu dot net -------------------------
participants (4)
-
Andreas Winkelmann -
Eric -
James Finnall -
Rikard Johnels