Re: creating password for a shadow file
On Mon, Dec 01, 2003 at 09:19:51AM +0100, Dariush Pietrzak wrote:
> > try to login with 'user' via ftp (using the newly created shadow file),
> ftp deamons usually provide command for creating passwd files, proftpd:
> ftpasswd, muddleftpd: mudpasswd.
>
> > user:$apr1$DlJ9I...$E8VL0rjQKdl1pVgH2q10C.
> > user:$1$NR.fOvEF$.hOr7l7msiIfz6sP4l0yS/
> Even with the same tools passwds wont match:
> pokurcz:/tmp# passwd oracle
> Enter new UNIX password:
> Retype new UNIX password:
> passwd: password updated successfully
> pokurcz:/tmp# grep oracle /etc/shadow
> oracle:$1$wRhm9QF5$3r41IcRFn0P/PO5Yg5VqK/:12387:0:99999:7:::
> pokurcz:/tmp# passwd oracle
> Enter new UNIX password:
> Retype new UNIX password:
> passwd: password updated successfully
> pokurcz:/tmp# grep oracle /etc/shadow
> oracle:$1$IEy1afpX$6F5lP3Axj8nA0s639qz441:12387:0:99999:7:::
>
> And that was the same password.
>
> > So my question is, that is it possible to create passwords for a shadow
> > file with a command line tool?
> You could use PAM for that - create pam setting with alternative location
> for files, and point your passwd to that pam ( /etc/pam.d/passwd ).
> But in general, I'd like to hear the answer to that question.
>
use mkpasswd from whois package:
mkpasswd --hash=md5 monpass
here is the result
$1$YHxt6uZp$3gYVC2rkikn0eKQaYncpo/
you can use it as the "crypted" password for your command (like
useradd -p '$1$YHxt6uZp$3gYVC2rkikn0eKQaYncpo/' user1
Info:
the value between $1$ and $ is the salt, when the user enter is passwd,
the system crypt it with the salt in the shadow file for this login,
like this:
mkpasswd --hash=md5 --salt=YHxt6uZp monpass
and compare it with the stored md5 pass ... if it's the same ... the
user is authenticated.
the salt is a random string generated at the time you create the "md5"
pass.
--
Emmanuel Lacour ------------------------------------ Easter-eggs
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com - http://www.easter-eggs.com
Reply to: