Re: creating password for a shadow file
On Mon, 2003-12-01 at 02:59, LeVA wrote:
> Hello!
>
> I need to add users to a passwd/shadow file, but these files does not
> reside in /etc dir. Thus I can not use the adduser or useradd tool to
> add the users, because then they will be added to the /etc/passwd|shadow
> file, and my passwd/shadow files are in another directory. These
> passwd/shadow files are used by an ftp server. I have managed to create
> a passwd file, and wrote the user name and uid, and homedir etc... by
> hand. The shadow file's passwords must be encrytped with md5. So I used
> the 'htpasswd' program to create a password for the user. I typed:
>
> htpasswd -m shadow.ftp user
>
> The problem is that this program doesn't create a password like the
> adduser program used to create, and put to the /etc/shadow file. When I
> try to login with 'user' via ftp (using the newly created shadow file),
> it says username and/or password was not accepted, so the password
> generation didn't work.
>
> 'htpasswd -bmn user password' output:
>
> user:$apr1$DlJ9I...$E8VL0rjQKdl1pVgH2q10C.
>
> 'adduser user' (with same password as above) output:
>
> user:$1$NR.fOvEF$.hOr7l7msiIfz6sP4l0yS/
>
> As you can see they don't match.
They aren't necessarily supposed to match...
I used passwd to set both daemon's and bin's passwords to "password" and
here is the contents of the shadow file:
daemon:$1$Eb1Ur58x$ziu8H6t07.ArliJFnghC3/:12387:0:99999:7:::
bin:$1$TjPCHv.t$7beIS.5KZKstlSk42vIBN/:12387:0:99999:7:::
I believe the way it works is that a random "salt" value is chosen and
added as the first two characters after the cipher value... Otherwise,
having access to the shadow file would make it easier to recognize known
values.
--
Mark Roach
Reply to: