Re: creating password for a shadow file

To: Debian-Security <debian-security@lists.debian.org>
Subject: Re: creating password for a shadow file
From: Emmanuel Lacour <elacour@easter-eggs.com>
Date: Mon, 1 Dec 2003 09:49:34 +0100
Message-id: <[🔎] 20031201084934.GC32757@easter-eggs.com>
In-reply-to: <[🔎] 20031201081951.GA5423@forumakad.pl>
References: <[🔎] 3FCAF4E9.5000101@az.isten.hu> <[🔎] 20031201081951.GA5423@forumakad.pl>

On Mon, Dec 01, 2003 at 09:19:51AM +0100, Dariush Pietrzak wrote:
> > try to login with 'user' via ftp (using the newly created shadow file),
>  ftp deamons usually provide command for creating passwd files, proftpd:
>  ftpasswd, muddleftpd: mudpasswd.
> 
> > user:$apr1$DlJ9I...$E8VL0rjQKdl1pVgH2q10C.
> > user:$1$NR.fOvEF$.hOr7l7msiIfz6sP4l0yS/
>  Even with the same tools passwds wont match:
>  pokurcz:/tmp# passwd  oracle
>  Enter new UNIX password: 
>  Retype new UNIX password: 
>  passwd: password updated successfully
>  pokurcz:/tmp# grep oracle /etc/shadow  
>  oracle:$1$wRhm9QF5$3r41IcRFn0P/PO5Yg5VqK/:12387:0:99999:7:::
>  pokurcz:/tmp# passwd  oracle
>  Enter new UNIX password: 
>  Retype new UNIX password: 
>  passwd: password updated successfully
>  pokurcz:/tmp# grep oracle /etc/shadow
>  oracle:$1$IEy1afpX$6F5lP3Axj8nA0s639qz441:12387:0:99999:7:::
> 
>  And that was the same password.

> 
> > So my question is, that is it possible to create passwords for a shadow 
> > file with a command line tool?
>  You could use PAM for that - create pam setting with alternative location
> for files, and point your passwd to that pam ( /etc/pam.d/passwd ).
>  But in general, I'd like to hear the answer to that question.
> 


use mkpasswd from whois package:


    mkpasswd --hash=md5 monpass


here is the result

$1$YHxt6uZp$3gYVC2rkikn0eKQaYncpo/



you can use it as the "crypted" password for your command (like 
    
	useradd -p '$1$YHxt6uZp$3gYVC2rkikn0eKQaYncpo/' user1


Info:
the value between $1$ and $ is the salt, when the user enter is passwd,
the system crypt it with the salt in the shadow file for this login,
like this:

    mkpasswd --hash=md5 --salt=YHxt6uZp monpass

and compare it with the stored md5 pass ... if it's the same ... the
user is authenticated.


the salt is a random string generated at the time you create the "md5"
pass.



-- 
Emmanuel Lacour ------------------------------------ Easter-eggs
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com   -    http://www.easter-eggs.com

Reply to:

References:
- creating password for a shadow file
  - From: LeVA <leva@az.isten.hu>
- Re: creating password for a shadow file
  - From: Dariush Pietrzak <eyck@forumakad.pl>

Prev by Date: Re: creating password for a shadow file
Next by Date: Re: creating password for a shadow file
Previous by thread: Re: creating password for a shadow file
Next by thread: Re: creating password for a shadow file
Index(es):
- Date
- Thread