generate a password string to be used by the useradd command

powah · 07-09-2007, 11:04 AM

How to generate a password string to be used by the useradd command?

e.g. If I want my password to be "zxASqw12", then what should the parameter of the "useradd test -p" command be?

mallux · 07-09-2007, 02:30 PM

The program you want is "pwgen", it's available in the Fedora repositories. There is a nice example here which explains how to use it with useradd.

jeenam · 07-09-2007, 02:35 PM

The -p switch for useradd requires an encrypted password. Here's a simple way to do what you need(openssl required):

useradd -d /path/to/home -s /path/to/shell -p `openssl passwd -1 <password>` username

In plan english: useradd -d /home/testuser -s /bin/bash -p `openssl passwd -1 pickapassword` testuser

An explanation of how openssl generates a shadow style hash here: http://www.madboa.com/geek/openssl/#passwd-md5

powah · 07-17-2007, 09:46 PM

I tried
perl -e 'print crypt("sec!urXw12", "salt"),"\n"'

perl -e 'print crypt("sec!urXw12", "op"),"\n"'

perl -e 'print crypt("sec!urXw12", "mo"),"\n"'

However, the passwords generated by perl or openssl did not work on another computer.
Is there a better to generate encrypted password to be used by the useradd command?

ShellyCat · 07-18-2007, 09:54 PM

I tried the example supplied by "jeenam", for example:

Quote:

root@darkstarlogin~#: useradd -mp 'openssl passwd -1 MyPassword' myusername

What it did was save the quoted string, openssl passwd -1 MyPassword, to /etc/shadow.

Quote:

Originally Posted by jeenam

An explanation of how openssl generates a shadow style hash here: http://www.madboa.com/geek/openssl/#passwd-md5

I tried that, to generate a hash and then copy the hash exactly. I did copy it correctly. For example:

Quote:

root@darkstarlogin~#: openssl passwd -1 MyPassword
$lK3abLo$xoRskF$oBwanKenObi
root@darkstarlogin~#: useradd -mp $lK3abLo$xoRskF$oBwanKenObi myusername

However, the new user could not log in!

This is the only solution I found:
Warning:

Do not do this on a public computer!
Do not use this to create a user for anyone except yourself! (Will have same password as root!)
If you botch the "/etc/shadow" file, you may not be able to log in at all, even as root!

Remove the user from your previous attempts (if a user was created successfully).
Create the new user without using the -p option. (The user's account will be disabled until you complete the rest of these steps, unless you have configured your system to not require users to have passwords.)
Use "touch" to create a textfile where you can easily find it (like your "/root" directory).
Copy "/etc/shadow" to that new file, so now they have the same content.
Open the new file in your favorite editor, and copy root's password hash to where the new user's password hash needs to go.
Check very closely that you copied that whole hash and nothing but the hash!
Copy this file back to "/etc/shadow", overwriting the original.
Reboot and try to log in as the new user, with the same password you use to log in as root.

Quote:

root@darkstarlogin~#: userdel -r myusername
root@darkstarlogin~#: useradd -m myusername
root@darkstarlogin~#: touch /root/userPassword.txt
root@darkstarlogin~#: cp /etc/shadow /root/userPassword.txt
root@darkstarlogin~#: nano -w /root/userPassword.txt
(Proceed to edit by copying the root user's password hash to where the new user's hash needs to go, erasing the "!" if there is one there. Nano happens to be the editor I prefer. Make sure to DOUBLE-CHECK your changes, and SAVE THE CHANGES before you exit the editor!)
root@darkstarlogin~#: cp /root/userPassword.txt /etc/shadow
(Now, REBOOT and LOG IN as new user; use THE SAME PASSWORD YOU DO FOR ROOT!)

jschiwal · 07-18-2007, 10:16 PM

I think that it might be an idea to test the hashing function you use on your own password and then compare with the /etc/shadow entry. Part of the problem may be if you have any extra characters added such as \n.

Determine whether MD5 or another algorythm is used to hash passwords. Also, you may have changed what is used, so check out which hashing algorithm is used before proceeding.

Quote:

Originally Posted by /etc/pam.d/system-auth

...
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
...

/etc/default/passwd:

Code:

cat /etc/default/passwd
# This file contains some information for
# the passwd (1) command and other tools
# creating or modifying passwords.

# Define default crypt hash. This hash will be
# used, if there is no hash for a special service
# the user is stored in.
# CRYPT={des,md5,blowfish}
CRYPT=md5

# Use another crypt hash for group passwowrds.
# This is used by gpasswd, fallback is the CRYPT entry.
# GROUP_CRYPT=des


# We can override the default for a special service
# by appending the service name (FILES, YP, NISPLUS, LDAP)

# for local files, use a more secure hash. We
# don't need to be portable here:
CRYPT_FILES=blowfish
# sometimes we need to specify special options for
# a hash (variable is prepended by the name of the
# crypt hash).
BLOWFISH_CRYPT_FILES=10

# For NIS, we should always use DES:
CRYPT_YP=des

nlsteffens · 06-20-2023, 12:59 AM

to generate a SHA-512 hash use this command:

openssl passwd -6 "plainpassword"

for other options using Perl and Python, have a look at this page: https://linuxconfig.org/how-to-hash-passwords-on-linux

jmccue · 06-20-2023, 08:27 AM

There are many ways, another way is to do this:

Code:

tr -cd "[:alnum:]" < /dev/urandom | fold -w 20 | sed 10q

for a 20 character PW. See man tr(1) for other values to use for "alnum".

Jan K. · 06-20-2023, 11:40 AM

Erhm... thread is 16 years old...

mannubahti95 · 06-27-2023, 06:23 AM

Determine whether MD5 or another algorythm is used to hash passwords. Also, you may have changed what is used, so check out which hashing algorithm is used before proceeding.
Pikashow
ppsspp emulator