Hello Nils,

On Thu, Feb 21, 2002 at 07:57:09PM +0100, Nils Rennebarth wrote:
> On Thu, Feb 21, 2002 at 07:20:18PM +0100, Wichert Akkerman wrote:
> > The problem is this: when creating a new directory slapd asks
> > for the admin password and creates an admin entry with that
> > password. However when running non-interactively we can not
> > ask for a password so the config script aborts.
> >
> > Does anyone have any opinions on what to do? I'm tempted to implement
> > the third option.

> I did a similar thing for horde2 when creating a database user and password.
> The password is generated randomly if the user doesn't supply one.

> BTW: This is the script I use, are there comments available from security
> experts? Does anybody know a version that uses sh only and does not rely on
> perl?

If all bits you pull from /dev/random are equally random, then your
script is ok. You are discarding the top 3 bits of every byte in your
base64 conversion, which could be a problem if your RNG has
imperfections. How much this really matters for a password that you're
going to email to the admin... <shrug> :)

A bigger issue might be if you're pulling bits from a random number
source that's entropy-poor, in which case throwing away almost half a
byte of entropy for every character can be overly wasteful and slow your
script down.

Here is a similar quick'n'dirty script I use when I need quick'n'dirty
passwords. It's also perl with a smattering of shell scripting <grin>,
as I can't think of a sane way to do this in plain POSIX sh.

Cheers,
Steve Langasek
postmodern programmer

#!/usr/bin/perl

# 64-character alphabet, one character per 6-bit value.
$array = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/.';
# Read 20 bytes from the kernel RNG.
$string = `dd if=/dev/urandom count=20 bs=1 2>/dev/null`;

$count = 0;    # number of leftover bits carried in $spare
$spare = 0;

# Test the remaining length rather than the chopped character: a byte
# equal to "0" is false in Perl and would end the loop early.
while (length($string)) {
    $var = chop($string);
    $number = unpack('C', $var);
    if ($count != 0) {
        # Put the new byte above the leftover bits.
        $number = ($number << $count) + $spare;
    }
    $read = ($number & 0x3F);
    print substr($array,$read,1);
    $count += 2;    # 8 bits read, 6 used: 2 more bits are left over
    $spare = ($number >> 6);
    if ($count >= 6) {
        # Enough leftover bits for one more character.
        $number = $spare;
        $read = ($number & 0x3F);
        print substr($array,$read,1);
        $spare = ($number >> 6);
        $count -= 6;
    }
}
print "\n";
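An added example, not part of the original message or of either poster's script: the same 8-bit to 6-bit repacking written for POSIX sh, so that no bits read from /dev/urandom are discarded. The function names encode6 and genpass are hypothetical, the default of 21 bytes is an assumption (168 bits, exactly 28 characters), and it relies on the external utilities od, dd and cut in addition to the shell itself.

```sh
#!/bin/sh
# Added example: repack random bytes into 6-bit indexes without wasting bits.
# Same 64-character alphabet as the Perl script in the message above.
ALPHABET='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/.'

# encode6: read raw bytes on stdin, print one alphabet character per 6 bits.
# Bits that do not fill a final 6-bit group are dropped.
encode6() {
    acc=0      # bit accumulator; each new byte is placed above the spare bits
    nbits=0    # number of unused bits currently held in acc
    out=''
    # od turns each input byte into an unsigned decimal number.
    for byte in $(od -An -v -tu1); do
        acc=$(( acc | (byte << nbits) ))
        nbits=$(( nbits + 8 ))
        # Emit a character for every complete 6-bit group.
        while [ "$nbits" -ge 6 ]; do
            idx=$(( acc & 63 ))
            out="$out$(printf '%s' "$ALPHABET" | cut -c"$(( idx + 1 ))")"
            acc=$(( acc >> 6 ))
            nbits=$(( nbits - 6 ))
        done
    done
    printf '%s\n' "$out"
}

# genpass [NBYTES]: password built from NBYTES bytes of /dev/urandom.
# 3 bytes give 4 characters, so a multiple of 3 leaves no bits unused.
genpass() {
    dd if=/dev/urandom bs=1 count="${1:-21}" 2>/dev/null | encode6
}
```

Calling genpass prints a 28-character password; genpass 12 prints 16 characters.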