Hello Nils,
On Thu, Feb 21, 2002 at 07:57:09PM +0100, Nils Rennebarth wrote:
> On Thu, Feb 21, 2002 at 07:20:18PM +0100, Wichert Akkerman wrote:
> > The problem is this: when creating a new directory slapd asks
> > for the admin password and creates an admin entry with that
> > password. However when running non-interactively we can not
> > ask for a password so the config script aborts.
> >
> > Does anyone have any opinions on what to do? I'm tempted to implement
> > the third option.
> I did a similar thing for horde2 when creating a database user and password.
> The password is generated randomly if the user doesn't supply one.
> BTW: This is the script I use, are there comments available from security
> experts? Does anybody know a version that uses sh only and does not rely on
> perl?
If all bits you pull from /dev/random are equally random, then your
script is ok. You are discarding the top 3 bits of every byte in your
base64 conversion, which could be a problem if your RNG has
imperfections. How much this really matters for a password that you're
going to email to the admin... <shrug> :) A bigger issue might be if
you're pulling bits from a random number source that's entropy-poor, in
which case throwing away almost half a byte of entropy for every
character can be overly wasteful and slow your script down.
Here is a similar quick'n'dirty script I use when I need quick'n'dirty
passwords. It's also perl with a smattering of shell scripting <grin>,
as I can't think of a sane way to do this in plain POSIX sh.
Cheers,
Steve Langasek
postmodern programmer
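#!/usr/bin/perl
use strict;
use warnings;

my $count = 0;   # number of leftover bits currently held in $spare
my $spare = 0;   # leftover bits carried over from earlier bytes
# 64-character output alphabet, indexed by a 6-bit value
my $array = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/.';
# 20 random bytes (160 bits) from the kernel
my $string = `dd if=/dev/urandom count=20 bs=1 2>/dev/null`;

# Loop on the remaining length: testing the chopped character itself
# would end the loop early on a "0" byte, which is false in Perl.
while (length($string)) {
    my $var = chop($string);
    my $number = unpack('C', $var);
    if ($count != 0) {
        # place the new byte above the leftover bits
        $number = ($number << $count) + $spare;
    }
    my $read = ($number & 0x3F);
    # print $read;   # debug: numeric index
    print substr($array, $read, 1);
    # 8 bits read, 6 emitted: 2 more bits are left over
    $count += 2;
    $spare = ($number >> 6);
    if ($count >= 6) {
        # six leftover bits make one more character
        $number = $spare;
        $read = ($number & 0x3F);
        print substr($array, $read, 1);
        $spare = ($number >> 6);
        $count -= 6;
    }
}
print "\n";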
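The bit packing discussed in this message (every random bit kept, six bits per output character), as an added example in POSIX sh using od; it is not part of the original post. The function names `encode_bytes` and `gen_password` and the 21-byte default are assumptions of this example; the alphabet is the one from the script above.

```shell
#!/bin/sh
# Added example: repack 8-bit random bytes into 6-bit alphabet indexes
# without discarding bits, using only POSIX sh, dd, od and cut.

ALPHABET='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/.'

# encode_bytes (hypothetical helper): read decimal byte values (0-255,
# whitespace separated) on stdin and print one character per complete
# 6-bit group. Bits are consumed most-significant first, as in base64.
# Fewer than 6 bits left over at the end are dropped.
encode_bytes() {
    acc=0      # bit accumulator
    nbits=0    # number of valid bits currently in acc
    out=''
    for byte in $(cat); do
        acc=$(( (acc << 8) | byte ))
        nbits=$(( nbits + 8 ))
        while [ "$nbits" -ge 6 ]; do
            nbits=$(( nbits - 6 ))
            idx=$(( (acc >> nbits) & 63 ))
            acc=$(( acc & ((1 << nbits) - 1) ))   # keep only unused bits
            out="$out$(printf '%s' "$ALPHABET" | cut -c $(( idx + 1 )))"
        done
    done
    printf '%s\n' "$out"
}

# gen_password (hypothetical helper): read N bytes from /dev/urandom
# (default 21, a multiple of 3, so no bits are left over: 28 characters).
gen_password() {
    dd if=/dev/urandom bs=1 count="${1:-21}" 2>/dev/null |
        od -An -tu1 |
        encode_bytes
}

gen_password
```

Because 64 divides 2^6 exactly, each output character is uniform over the alphabet as long as the input bytes are.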