|
|
| Next: rsync backup |
| Author |
Message |
wong_powah
External
Since: Jul 09, 2007
Posts: 7
|
 Posted: Mon Jul 09, 2007 9:11 am Post subject: generate a password string to be used by the useradd command
Archived from groups: comp>os>linux>security (more info?) |
|
|
|
| How to generate a password string to be used by the useradd command?
e.g. If I want my password to be "zxASqw12", then what should the
parameter of the "useradd test -p" command be?
|
|
|
| Back to top |
|
 |
s. keeling
External
Since: Jul 07, 2007
Posts: 74
|
Posted: Mon Jul 09, 2007 6:08 pm Post subject: Re: generate a password string to be used by the useradd command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
wong_powah DeleteThis @yahoo.ca <wong_powah DeleteThis @yahoo.ca>:
> How to generate a password string to be used by the useradd command?
>
> e.g. If I want my password to be "zxASqw12", then what should the
> parameter of the "useradd test -p" command be?
The manpage says that's the encrypted password as returned from
crypt. I see there's something called mcrypt to replace crypt, so
maybe:
useradd test -p `mcrypt zxASqw12` # <-- those are backtics.
However, useradd's default is to leave the account disabled, meaning
the user will have to change the password before they'll be allowed
in. If you didn't use something as obvious as "test" for the
username, that might be the way to go.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me. |
|
| Back to top |
|
|
Ertugrul Soeylemez
External
Since: Mar 24, 2007
Posts: 20
|
Posted: Tue Jul 10, 2007 4:24 am Post subject: Re: generate a password string to be used by the useradd command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
wong_powah.TakeThisOut@yahoo.ca (07-07-09 09:11:43):
> How to generate a password string to be used by the useradd command?
>
> e.g. If I want my password to be "zxASqw12", then what should the
> parameter of the "useradd test -p" command be?
Why don't you just use the `passwd' utility?
Regards,
Ertugrul Söylemez.
--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security. |
|
| Back to top |
|
|
wong_powah
External
Since: Jul 09, 2007
Posts: 7
|
Posted: Tue Jul 10, 2007 3:06 pm Post subject: Re: generate a password string to be used by the useradd command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
On Jul 9, 10:24 pm, Ertugrul Soeylemez <do-not-spam....RemoveThis@ertes.de>
wrote:
> wong_po....RemoveThis@yahoo.ca (07-07-09 09:11:43):
>
> > How to generate a password string to be used by the useradd command?
>
> > e.g. If I want my password to be "zxASqw12", then what should the
> > parameter of the "useradd test -p" command be?
>
> Why don't you just use the `passwd' utility?
>
> Regards,
> Ertugrul Söylemez.
>
> --
> Security is the one concept, which makes things in your life stay as
> they are. Otto is a man, who is afraid of changes in his life; so
> naturally he does not employ security.
I want to execute useradd in a script. |
|
| Back to top |
|
|
wong_powah
External
Since: Jul 09, 2007
Posts: 7
|
Posted: Tue Jul 10, 2007 3:10 pm Post subject: Re: generate a password string to be used by the useradd command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
On Jul 9, 2:08 pm, "s. keeling" <keel... RemoveThis @nucleus.com> wrote:
> wong_po... RemoveThis @yahoo.ca <wong_po... RemoveThis @yahoo.ca>:
>
> > How to generate a password string to be used by the useradd command?
>
> > e.g. If I want my password to be "zxASqw12", then what should the
> > parameter of the "useradd test -p" command be?
>
> The manpage says that's the encrypted password as returned from
> crypt. I see there's something called mcrypt to replace crypt, so
> maybe:
>
> useradd test -p `mcrypt zxASqw12` # <-- those are backtics.
>
> However, useradd's default is to leave the account disabled, meaning
> the user will have to change the password before they'll be allowed
> in. If you didn't use something as obvious as "test" for the
> username, that might be the way to go.
>
> --
> Any technology distinguishable from magic is insufficiently advanced.
> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
If the user will have to change the password before they'll be allowed
in, then will the original password be overwritten before it is used? |
|
| Back to top |
|
|
Steve Sentoff
External
Since: Jul 09, 2007
Posts: 4
|
Posted: Tue Jul 10, 2007 10:36 pm Post subject: Re: generate a password string to be used by the useradd command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
wong_powah.DeleteThis@yahoo.ca wrote:
> On Jul 9, 2:08 pm, "s. keeling" <keel....DeleteThis@nucleus.com> wrote:
>> wong_po....DeleteThis@yahoo.ca <wong_po....DeleteThis@yahoo.ca>:
>>
>>> How to generate a password string to be used by the useradd command?
>>> e.g. If I want my password to be "zxASqw12", then what should the
>>> parameter of the "useradd test -p" command be?
>> The manpage says that's the encrypted password as returned from
>> crypt. I see there's something called mcrypt to replace crypt, so
>> maybe:
>>
>> useradd test -p `mcrypt zxASqw12` # <-- those are backtics.
>>
>> However, useradd's default is to leave the account disabled, meaning
>> the user will have to change the password before they'll be allowed
>> in. If you didn't use something as obvious as "test" for the
>> username, that might be the way to go.
>>
>> --
>> Any technology distinguishable from magic is insufficiently advanced.
>> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
>> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
>
> If the user will have to change the password before they'll be allowed
> in, then will the original password be overwritten before it is used?
>
There's a bit more to it than this. If you look at the manpage for
mcrypt, you'll see you need a bunch of parameters, and it's not on my
machine anyway. I would suggest better way is to write a wrapper around
the crypt function, see the section 3 man page for crypt. You also need
to generate a "salt", which is just a random string to help add some
strength to the algorithm. Doing this with your chosen password above
yields this string as one possibility:
$1$WpHFiwYg$K8edj5oHulcaYWMq4SNX1.
(Note that the period at the end of the string happens to be part of the
string, not punctuation. Also beware of the $'s when passing this
string through the shell.)
I don't think you have to worry about changing the password by the
user--as far as I can tell from the man page, useradd only disables the
account when the password isn't provided.
Having said all that, wouldn't it be easier to follow the earlier
suggestion, which was to add the user with useradd and then use passwd
to set the password?
--
Steve |
|
| Back to top |
|
|
Ertugrul Soeylemez
External
Since: Mar 24, 2007
Posts: 20
|
Posted: Wed Jul 11, 2007 4:44 am Post subject: Re: generate a password string to be used by the useradd command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
wong_powah.TakeThisOut@yahoo.ca (07-07-10 15:06:14):
> > > How to generate a password string to be used by the useradd command?
> > > e.g. If I want my password to be "zxASqw12", then what should the
> > > parameter of the "useradd test -p" command be?
> >
> > Why don't you just use the `passwd' utility?
>
> I want to execute useradd in a script.
So what? Use both in the script.
Regards,
Ertugrul Söylemez.
--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security. |
|
| Back to top |
|
|
wong_powah
External
Since: Jul 09, 2007
Posts: 7
|
Posted: Wed Jul 11, 2007 7:14 am Post subject: Re: generate a password string to be used by the useradd command [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
On Jul 10, 11:36 pm, Steve Sentoff <steve30... RemoveThis @hotmail.com> wrote:
> wong_po... RemoveThis @yahoo.ca wrote:
> > On Jul 9, 2:08 pm, "s. keeling" <keel... RemoveThis @nucleus.com> wrote:
> >> wong_po... RemoveThis @yahoo.ca <wong_po... RemoveThis @yahoo.ca>:
>
> >>> How to generate a password string to be used by the useradd command?
> >>> e.g. If I want my password to be "zxASqw12", then what should the
> >>> parameter of the "useradd test -p" command be?
> >> The manpage says that's the encrypted password as returned from
> >> crypt. I see there's something called mcrypt to replace crypt, so
> >> maybe:
>
> >> useradd test -p `mcrypt zxASqw12` # <-- those are backtics.
>
> >> However, useradd's default is to leave the account disabled, meaning
> >> the user will have to change the password before they'll be allowed
> >> in. If you didn't use something as obvious as "test" for the
> >> username, that might be the way to go.
>
> >> --
> >> Any technology distinguishable from magic is insufficiently advanced.
> >> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
> >> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
>
> > If the user will have to change the password before they'll be allowed
> > in, then will the original password be overwritten before it is used?
>
> There's a bit more to it than this. If you look at the manpage for
> mcrypt, you'll see you need a bunch of parameters, and it's not on my
> machine anyway. I would suggest better way is to write a wrapper around
> the crypt function, see the section 3 man page for crypt. You also need
> to generate a "salt", which is just a random string to help add some
> strength to the algorithm. Doing this with your chosen password above
> yields this string as one possibility:
> $1$WpHFiwYg$K8edj5oHulcaYWMq4SNX1.
> (Note that the period at the end of the string happens to be part of the
> string, not punctuation. Also beware of the $'s when passing this
> string through the shell.)
>
> I don't think you have to worry about changing the password by the
> user--as far as I can tell from the man page, useradd only disables the
> account when the password isn't provided.
>
> Having said all that, wouldn't it be easier to follow the earlier
> suggestion, which was to add the user with useradd and then use passwd
> to set the password?
>
> --
> Steve
I add the user with useradd and then use passwd to set the password.
# useradd -m -G users,wheel -s /bin/bash operator4
# passwd operator4
Changing password for user operator4.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# echo "AllowUsers operator4" >> /etc/ssh/sshd_config
$ ssh operator4 RemoveThis @172.20.11.46
operator4 RemoveThis @172.20.11.46's password:
Permission denied, please try again.
operator4 RemoveThis @172.20.11.46's password: |
|
| Back to top |
|
|
soly20072007
External
Since: Jul 20, 2007
Posts: 8
|
|
| Back to top |
|
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
| |
|
|
Linux