LinuxQuestions.org
Old 07-09-2007, 12:04 PM   #1
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276

Rep: Reputation: 30
generate a password string to be used by the useradd command


How to generate a password string to be used by the useradd command?

e.g. If I want my password to be "zxASqw12", then what should the parameter of the "useradd test -p" command be?
 
Old 07-09-2007, 03:30 PM   #2
mallux
Member
 
Registered: Jun 2007
Location: London, UK
Distribution: Ubuntu, RHEL, Fedora
Posts: 46
Blog Entries: 1

Rep: Reputation: 16
The program you want is "pwgen", it's available in the Fedora repositories. There is a nice example here which explains how to use it with useradd.
 
Old 07-09-2007, 03:35 PM   #3
jeenam
Member
 
Registered: Dec 2006
Distribution: Slackware 11
Posts: 144

Rep: Reputation: 15
The -p switch for useradd requires an encrypted password. Here's a simple way to do what you need (openssl required):

useradd -d /path/to/home -s /path/to/shell -p `openssl passwd -1 <password>` username

In plain English: useradd -d /home/testuser -s /bin/bash -p `openssl passwd -1 pickapassword` testuser


An explanation of how openssl generates a shadow style hash here: http://www.madboa.com/geek/openssl/#passwd-md5

Last edited by jeenam; 07-09-2007 at 03:37 PM.
 
Old 07-17-2007, 10:46 PM   #4
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276

Original Poster
Rep: Reputation: 30
I tried
perl -e 'print crypt("sec!urXw12", "salt"),"\n"'

perl -e 'print crypt("sec!urXw12", "op"),"\n"'

perl -e 'print crypt("sec!urXw12", "mo"),"\n"'

However, the passwords generated by perl or openssl did not work on another computer.
Is there a better way to generate an encrypted password to be used by the useradd command?
 
Old 07-18-2007, 10:54 PM   #5
ShellyCat
Member
 
Registered: Jul 2007
Distribution: Slackware 13
Posts: 178

Rep: Reputation: 28
I have the same problem.

I tried the example supplied by "jeenam", for example:
Quote:
root@darkstarlogin~#: useradd -mp 'openssl passwd -1 MyPassword' myusername
What it did was save the quoted string, openssl passwd -1 MyPassword, to /etc/shadow.


Quote:
Originally Posted by jeenam
An explanation of how openssl generates a shadow style hash here: http://www.madboa.com/geek/openssl/#passwd-md5
I tried that, to generate a hash and then copy the hash exactly. I did copy it correctly. For example:
Quote:
root@darkstarlogin~#: openssl passwd -1 MyPassword
$lK3abLo$xoRskF$oBwanKenObi
root@darkstarlogin~#: useradd -mp $lK3abLo$xoRskF$oBwanKenObi myusername
However, the new user could not log in!


This is the only solution I found:
Warning:
  • Do not do this on a public computer!
  • Do not use this to create a user for anyone except yourself! (Will have same password as root!)
  • If you botch the "/etc/shadow" file, you may not be able to log in at all, even as root!
  1. Remove the user from your previous attempts (if a user was created successfully).
  2. Create the new user without using the -p option. (The user's account will be disabled until you complete the rest of these steps, unless you have configured your system to not require users to have passwords.)
  3. Use "touch" to create a textfile where you can easily find it (like your "/root" directory).
  4. Copy "/etc/shadow" to that new file, so now they have the same content.
  5. Open the new file in your favorite editor, and copy root's password hash to where the new user's password hash needs to go.
  6. Check very closely that you copied that whole hash and nothing but the hash!
  7. Copy this file back to "/etc/shadow", overwriting the original.
  8. Reboot and try to log in as the new user, with the same password you use to log in as root.
Quote:
root@darkstarlogin~#: userdel -r myusername
root@darkstarlogin~#: useradd -m myusername
root@darkstarlogin~#: touch /root/userPassword.txt
root@darkstarlogin~#: cp /etc/shadow /root/userPassword.txt
root@darkstarlogin~#: nano -w /root/userPassword.txt
(Proceed to edit by copying the root user's password hash to where the new user's hash needs to go, erasing the "!" if there is one there. Nano happens to be the editor I prefer. Make sure to DOUBLE-CHECK your changes, and SAVE THE CHANGES before you exit the editor!)
root@darkstarlogin~#: cp /root/userPassword.txt /etc/shadow
(Now, REBOOT and LOG IN as new user; use THE SAME PASSWORD YOU DO FOR ROOT!)
 
Old 07-18-2007, 11:16 PM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655
I think that it might be an idea to test the hashing function you use on your own password and then compare with the /etc/shadow entry. Part of the problem may be if you have any extra characters added such as \n.

Determine whether MD5 or another algorithm is used to hash passwords. Also, you may have changed what is used, so check out which hashing algorithm is used before proceeding.

Quote:
Originally Posted by /etc/pam.d/system-auth
...
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
...
/etc/default/passwd:
Code:
cat /etc/default/passwd
# This file contains some information for
# the passwd (1) command and other tools
# creating or modifying passwords.

# Define default crypt hash. This hash will be
# used, if there is no hash for a special service
# the user is stored in.
# CRYPT={des,md5,blowfish}
CRYPT=md5

# Use another crypt hash for group passwowrds.
# This is used by gpasswd, fallback is the CRYPT entry.
# GROUP_CRYPT=des


# We can override the default for a special service
# by appending the service name (FILES, YP, NISPLUS, LDAP)

# for local files, use a more secure hash. We
# don't need to be portable here:
CRYPT_FILES=blowfish
# sometimes we need to specify special options for
# a hash (variable is prepended by the name of the
# crypt hash).
BLOWFISH_CRYPT_FILES=10

# For NIS, we should always use DES:
CRYPT_YP=des

Last edited by jschiwal; 07-18-2007 at 11:37 PM.
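
Added example, not part of any post in this thread: a shell sketch of what `useradd -p` would actually receive for the three quoting forms tried above, and which crypt scheme the result's prefix indicates. The hash is a constructed sample, the function names are hypothetical, and the `$5$`/`$6$` (SHA-256/SHA-512) prefixes go beyond the des/md5/blowfish options listed in the quoted config.

```shell
#!/bin/sh
# Constructed sample in MD5-crypt layout ($1$<salt>$<hash>); not a real account hash.
HASH='$1$Ab3dEf9h$Q9xJkLmNoPqRsTuVwXyZa.'

# Name the crypt(3) scheme of a candidate "useradd -p" argument, or "invalid".
crypt_scheme() {
    nl='
'
    case $1 in
        *"$nl"*|*' '*|*:*|'') echo invalid ;;  # stray newline, space, field separator, empty
        '$1$'*'$'?*)     echo md5 ;;
        '$2a$'*|'$2y$'*) echo blowfish ;;
        '$5$'*'$'?*)     echo sha256 ;;
        '$6$'*'$'?*)     echo sha512 ;;
        '$'*)            echo invalid ;;       # unknown or truncated $id$ prefix
        ?????????????)   echo des ;;           # traditional DES crypt: exactly 13 characters
        *)               echo invalid ;;
    esac
}

# Single quotes around the command: no substitution happens, so the command
# text itself is what would be stored as the "hash".
arg_single_quoted() { printf '%s' 'openssl passwd -1 MyPassword'; }

# Hash pasted unquoted: a child shell expands $1, $Ab3dEf9h and
# $Q9xJkLmNoPqRsTuVwXyZa as (unset) parameters, leaving almost nothing.
arg_unquoted() { sh -c "printf '%s' $HASH" sh; }

# Hash passed as one quoted argument: it arrives byte for byte.
arg_quoted() { sh -c 'printf "%s" "$1"' sh "$HASH"; }

# Show each form, the argument it produces, and how that argument classifies.
report() {
    for form in arg_single_quoted arg_unquoted arg_quoted; do
        value=$($form)
        printf '%-18s -> [%s] %s\n' "$form" "$value" "$(crypt_scheme "$value")"
    done
}
report
```

Running `crypt_scheme` on the second field of your own `/etc/shadow` entry shows which scheme the local system expects, which is the comparison suggested in post #6.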
 
  

