LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
Reload this Page BASH scripting: Hide plain text passwords
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 06-15-2010, 03:49 AM   #1
sqn
Member
 
Registered: Apr 2002
Distribution: Ubuntu, Arch, freeBSD, Slackware
Posts: 210

Rep: Reputation: 30
Question BASH scripting: Hide plain text passwords

Hi all,

I was wondering if there is way to hide passwords in bash scripts.
For example: I have to write a script to export a full ldap structure, and I'm using the ldapsearch -y passwordfile, where password file is a plain text file that contains the password. Is there a way to hide the password from that file?

I was thinking to remove the r attribute from the file and before the script is lunched to put the attribute back, but is not a good solution, the same with immutable attribute.

Do you know a better solution?
 
Old 06-15-2010, 04:10 AM   #2
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by sqn View Post
Hi all,

I was wondering if there is way to hide passwords in bash scripts.
For example: I have to write a script to export a full ldap structure, and I'm using the ldapsearch -y passwordfile, where password file is a plain text file that contains the password. Is there a way to hide the password from that file?

I was thinking to remove the r attribute from the file and before the script is lunched to put the attribute back, but is not a good solution, the same with immutable attribute.

Do you know a better solution?
why not a solution where the password must be input at a prompt?
 
Old 06-15-2010, 04:16 AM   #3
sqn
Member
 
Registered: Apr 2002
Distribution: Ubuntu, Arch, freeBSD, Slackware
Posts: 210

Original Poster
Rep: Reputation: 30
it's a script that should run from cron, without user intervention
 
Old 06-15-2010, 05:09 AM   #4
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by sqn View Post
it's a script that should run from cron, without user intervention
how about inserting an encrypted password into your script?
encrypt with crypt.

Code:
perl -e 'print crypt("password", "salt"),"\n"'
not sure if it would work as i have not tested..
 
Old 06-15-2010, 05:39 AM   #5
sqn
Member
 
Registered: Apr 2002
Distribution: Ubuntu, Arch, freeBSD, Slackware
Posts: 210

Original Poster
Rep: Reputation: 30
the problem is that i need to decrypt it before running ldapsearch and encrypting it again after. Is that possible?
 
Old 06-15-2010, 05:40 AM   #6
sqn
Member
 
Registered: Apr 2002
Distribution: Ubuntu, Arch, freeBSD, Slackware
Posts: 210

Original Poster
Rep: Reputation: 30
I though abou using openssl, but the password of the crypt is still in plain text
 
Old 06-15-2010, 05:52 AM   #7
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by sqn View Post
the problem is that i need to decrypt it before running ldapsearch and encrypting it again after. Is that possible?
you shouldnt need to decrypt if ldap was compiled with --enable-crypt

i found many links with a quick google search

http://www.google.co.uk/search?q=lda...ient=firefox-a
 
Old 06-16-2010, 05:55 AM   #8
sqn
Member
 
Registered: Apr 2002
Distribution: Ubuntu, Arch, freeBSD, Slackware
Posts: 210

Original Poster
Rep: Reputation: 30
So i solved the problem using xxd
So i've converted the password in HEX and i use xxd to covert it back to asci

echo AA AA AA AA AA|xxd -r -p >pass.tmp
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Bash scripting, separating variable from string text emmalg Linux - Newbie 3 06-26-2009 03:31 AM
text search and replacement: bash scripting jettachamp26 Programming 35 02-25-2008 06:00 PM
how to change some text of a certain line of a text file with bash and *nix scripting alred Programming 6 07-10-2006 11:55 AM
Bash scripting to check text in a website carlp Programming 2 09-20-2005 11:14 AM
Bash scripting (hide sterr messages) Quantum0726 Programming 2 06-07-2005 08:05 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 10:39 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration