LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-09-2009, 09:31 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
editing/viewing password files


I created a password file for use with ncsa_auth in squid.
Firstly, is there a way to view the passwords in the file or are they all encrypted?
Secondly, is there a way to get squid to reauthenticate the user after 24 hours?
 
Old 08-09-2009, 11:25 AM   #2
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 67
I can't speak for your particular password file. But the passwords in pwfiles are usually hashed. It's a one way encryption. You can't get the password by knowing the hash, you can only get the hash by knowing the password.
 
Old 08-09-2009, 11:35 AM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Meson View Post
I can't speak for your particular password file. But the passwords in pwfiles are usually hashed. It's a one way encryption. You can't get the password by knowing the hash, you can only get the hash by knowing the password.
So, if you forget the password in that file for a login, what can you do? Only reset it? You can never view it?

How can you delete users from password files? Is it a simple case of using the vi editor? This is a htpasswd file for use with squid and ncsa_authentication.
 
Old 08-09-2009, 11:43 AM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,527

Rep: Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898
Quote:
So, if you forget the password in that file for a login, what can you do? Only reset it? You can never view it?
That's the whole point of passwords, no?
Quote:
How can you delete users from password files?
userdel or deluser
 
Old 08-09-2009, 12:44 PM   #5
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 67
Quote:
Originally Posted by qwertyjjj View Post
So, if you forget the password in that file for a login, what can you do? Only reset it? You can never view it?
Yes, if you forget the password you can only reset it. If you REALLY want to retrieve the password if you forget it, you can write a wrapper for htpasswd (I think that's the name of the command, for apache at least). The wrapper will read the password from STDIN, pass it to htpasswd as normal, but also store it somewhere else - in plain text or some sort of encrypted format of your choosing.

Quote:
Originally Posted by qwertyjjj View Post
How can you delete users from password files? Is it a simple case of using the vi editor? This is a htpasswd file for use with squid and ncsa_authentication.
I think there are some commands for this, but you can also remove users from the file manually.

Quote:
Originally Posted by repo View Post
userdel or deluser
These are for system users. I don't think they are the are the commands to do what he wants.

Last edited by Meson; 08-09-2009 at 12:46 PM.
 
Old 08-09-2009, 07:45 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
http://httpd.apache.org/docs/2.0/programs/htpasswd.html
 
Old 08-09-2009, 08:34 PM   #7
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Can htpasswd be issued by php?
ie users can reset their passwords if needed through a php script changing the value in a passwd file currently edited by:

htpasswd /etc/squid/squid_passwd www
 
Old 08-09-2009, 08:37 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
So long as its running as the owner of the file, probably apache. Note that you may have privileges issues as apache drops privs on the child processes that do all the work.
Have a good read of the Apache site I referenced.
 
Old 08-09-2009, 08:39 PM   #9
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by chrism01 View Post
So long as its running as the owner of the file, probably apache. Note that you may have privileges issues as apache drops privs on the child processes that do all the work.
Have a good read of the Apache site I referenced.
ok - will do.
But does it have to be issued through php using the system command or can you just edit using other methods?
 
Old 08-09-2009, 08:57 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
Well, you can get Apache to call a prog in any lang if you set up the cfg correctly ... and most lngs will have more than one way of calling an external prog like htpasswd.

eg in Perl you have

system()
`xxx` (backquotes)
qx(blah) (similar to back quotes)

and so on. I'm fairly sure php has more than one method, but I'm not a php guy.
PHP manual:
http://www.php.net/manual/en/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Command line text file viewing and editing - .odt etc. mitchellray Linux - Newbie 1 04-14-2009 04:41 PM
prevent viewing password bobcat10.44 Linux - Newbie 1 02-17-2009 03:33 PM
In Need Of Software, Image Viewing and Video Editing jlacroix Linux - Software 4 06-03-2005 08:09 AM
Viewing my root password / creating an all permissions user ssobeht Linux - Security 16 11-01-2003 02:25 PM
viewing my password brandonAd Linux - Newbie 7 08-12-2003 12:52 PM


All times are GMT -5. The time now is 08:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration