LinuxQuestions.org
Old 03-09-2006, 10:04 AM   #1
fluffyvoidbunny
LQ Newbie
 
Registered: Feb 2006
Distribution: suse fedora
Posts: 16

Rep: Reputation: 0
Reset user password via script


Hello all,
I'm trying to script the adding of new users to a suse10 system using perl. Unfortunately the encryption in the /etc/shadow file is not as I expected. Encrypting the password with crypt doesn't work but adding the user/password with passwd or yast does. Below is a snippet of my /etc/shadow

fred:$2a$05$8S2qhdrle2ZnEjqZV4iAu.1daO5/coUumuyeggfLII2Z3zjypt4nm:13216:0:99999:7:::
albert:eve.6xZHiDams:13216:0:99999:7:::

User fred was added interactively using yast and works fine for my purpose. User albert was added via my script using crypt and doesn't work. Seemingly, I'm using the wrong encryption system. Can anyone tell me what's happening and perhaps point me in the right direction?

Thanks.

P.S. The perl module Passwd::Linux produces identical results to my homemade effort.
 
Old 03-09-2006, 10:35 AM   #2
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
Use the program mkpasswd, which is part of the whois rpm package.
mkpasswd creates encrypted strings from a clear-text password as first argument.

cheers
 
Old 03-09-2006, 10:48 AM   #3
fluffyvoidbunny
LQ Newbie
 
Registered: Feb 2006
Distribution: suse fedora
Posts: 16

Original Poster
Rep: Reputation: 0
mkpasswd

Just tried that. Unfortunately mkpasswd is a front end to crypt, which is what I'm already using. Looking at the length of the suse10 encrypted passwords, they're not generated using crypt ....
 
Old 03-09-2006, 11:05 AM   #4
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
Strange... Does SuSE 10.0 have anything different in this matter?
I use it in a script to create users in a SuSE 9.0 box from users it gets from a Windows 2000 server.
Code:
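# install the new password
cryptpass=$(mkpasswd "$CLEARTEXT" aa)
# match "user:" exactly, so that a longer name sharing the same prefix is left alone
sed -e '/^'"${NEWUSER}"':/s#:!!:#:'"${cryptpass}"':#' "$SHADOW" > "${SHADOW}.new"
cp "${SHADOW}" "${SHADOW}.previous"
cp "${SHADOW}.new" "${SHADOW}"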
Even if the length is shorter than expected, did you give it a try?
 
Old 03-09-2006, 11:15 AM   #5
fluffyvoidbunny
LQ Newbie
 
Registered: Feb 2006
Distribution: suse fedora
Posts: 16

Original Poster
Rep: Reputation: 0
Yes. I installed whois and then ran mkpasswd from the command line. The two users in my example both have an identically short password (I think they are both 8 chars). mkpasswd produced similar output to the albert (crypt) example.
 
Old 03-09-2006, 11:41 AM   #6
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
Man, check your code. I just did that on my Suse 10.0, just to be sure. Look:
Code:
miguel@gold:~> /bin/su -
Password:
gold:~ # useradd -c "Test User" -m fluffyvoidbunny
gold:~ # grep fluffyvoidbunny /etc/shadow
fluffyvoidbunny:!:13216:0:99999:7:::
gold:~ # cryptpass=$(mkpasswd thisisjustatest aa)
gold:~ # echo $cryptpass
aalVeXfVW8xfw
gold:~ # sed -e '/'^fluffyvoidbunny'/s#:!:#:'${cryptpass}':#' /etc/shadow > /tmp/shadow.new
gold:~ # cp /etc/shadow /etc/shadow.previous
gold:~ # cp /tmp/shadow.new /etc/shadow
gold:~ # logout
miguel@gold:~> /bin/su - fluffyvoidbunny
Password:
fluffyvoidbunny@gold:~> uname -a
Linux gold 2.6.13-15.8-default #1 Tue Feb 7 11:07:24 UTC 2006 i686 i686 i386 GNU/Linux
fluffyvoidbunny@gold:~> cat /etc/issue

Welcome to SUSE LINUX 10.0 (i586) - Kernel \r (\l).


fluffyvoidbunny@gold:~>
The password for "/bin/su - fluffyvoidbunny" was "thisisjustatest".

I agree the encrypted password length is not the same, but at least it works. I can't explain the oversized length in encrypted passwords when using the GUI.

cheers,
 
Old 03-09-2006, 01:14 PM   #7
fluffyvoidbunny
LQ Newbie
 
Registered: Feb 2006
Distribution: suse fedora
Posts: 16

Original Poster
Rep: Reputation: 0
I don't have any trouble adding users or setting the encrypted shadow password. My problem is that the users I create don't work with vsftpd whereas the ones created with yast or the bash "passwd" do. I can create a user with a short password as you did but vsftpd then rejects that user's login. If I then change that user's password with "passwd" I get a long encrypted string in my shadow file and vsftpd then accepts it. I'm missing something somewhere and I thought perhaps it was that suse10 handled passwords differently or there is an extra process involved somewhere that I'm unaware of.

albert:eve.6xZHiDams:13216:0:99999:7::: - my perl created user, like yours (vsftpd rejects login)
Now I change the password at the commandline with passwd command and in my shadow file I get :-
albert:$2a$10$2b2P978zQUmQMC68mSQNmelcrDC6AmsD/qFiAyEC8676p1Kp4sCcq:13216:0:99999:7::: - (vsftpd now accepts login).
Both encrypted strings refer to the same password which in this case is "letmein".
It looks to me like suse10 have strengthened the password encryption cos I'm pretty sure that my users would be OK on other systems. As you say, it works, as in we get a user that looks perfectly valid .... but it doesn't actually work.

As you suggest, I'll re-check my code....

Thanks again


Checked my code and your suggestion does work!
I can get a login with an encrypted password generated with mkpasswd but not using crypt or the perl linux password module.


Thanks again, again.

Last edited by fluffyvoidbunny; 03-09-2006 at 01:51 PM.
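
Added example, not part of any post in this thread: a small shell audit that classifies the password field of shadow-format lines by hashing scheme, which shows why the two strings for "letmein" in the post above differ in length. The function names are this example's own, and the sample lines are copied from the posts in this thread.

```shell
# classify_hash FIELD: print the scheme of one /etc/shadow password field.
classify_hash() {
    case "$1" in
        '')          echo "empty" ;;
        '!'*|'*'*)   echo "locked" ;;            # no usable password set
        '$2a$'*|'$2b$'*|'$2y$'*)
            # bcrypt: $2a$<cost>$<22-char salt><31-char hash>; cost is log2(rounds)
            cost=${1#\$2?\$}; cost=${cost%%\$*}
            echo "bcrypt cost=$cost" ;;
        '$1$'*)      echo "md5crypt" ;;
        '$5$'*)      echo "sha256crypt" ;;
        '$6$'*)      echo "sha512crypt" ;;
        *)
            # Traditional DES crypt: exactly 13 chars from [./0-9A-Za-z],
            # first two are the salt; only 8 password characters are used.
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo "descrypt salt=$(printf '%s' "$1" | cut -c1-2)"
            else
                echo "unknown"
            fi ;;
    esac
}

# audit_shadow: read shadow-format lines on stdin, print "user<TAB>scheme".
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        printf '%s\t%s\n' "$user" "$(classify_hash "$hash")"
    done
}

# Sample input: shadow lines quoted in this thread (albert before and after "passwd").
sample_shadow() {
    cat <<'EOF'
fred:$2a$05$8S2qhdrle2ZnEjqZV4iAu.1daO5/coUumuyeggfLII2Z3zjypt4nm:13216:0:99999:7:::
albert:eve.6xZHiDams:13216:0:99999:7:::
albert:$2a$10$2b2P978zQUmQMC68mSQNmelcrDC6AmsD/qFiAyEC8676p1Kp4sCcq:13216:0:99999:7:::
fluffyvoidbunny:!:13216:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a real system the same pipeline can be fed from `/etc/shadow` as root; any `descrypt` line marks an account whose hash was written by a script rather than by `passwd` or yast.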
 
Old 03-09-2006, 01:48 PM   #8
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
Quote:
My problem is that the users I create don't work with vsftpd
Oh! This information is new. I did not know you were talking about vsftpd until your last post.

Ok. Starting again. Do you have nscd running? nscd is a cache for /etc/passwd and /etc/shadow.
Maybe you need to reload it: "rcnscd reload". Create a user using your script and reload nscd. Try to log on to the system using ftp.

cheers,
 
Old 03-10-2006, 02:18 AM   #9
fluffyvoidbunny
LQ Newbie
 
Registered: Feb 2006
Distribution: suse fedora
Posts: 16

Original Poster
Rep: Reputation: 0
Sorry, I didn't want to expand the question too much cos it's like asking you to do my job for me, which is not a reasonable request. Anyway, after re-examining my code as you suggested I found my error, and you had solved the problem in your first post. The solution in perl is a 3 liner ...

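use strict;
use warnings;

my $new_user = "fred_flintstone";
my $password = "letmein";
# Run mkpasswd without a shell (list form), so the password is never parsed by one.
# Earlier attempt that did not work here: crypt $password, 'Wn'
open(my $mk, '-|', 'mkpasswd', $password, 'wT') or die "mkpasswd: $!";
chomp(my $passwd_crypted = <$mk>);   # drop the trailing newline from the output
close($mk) or die "mkpasswd failed";
my $new_user_home = "/home/" . $new_user;
my $shell = "/bin/false";   # for redhat '/sbin/nologin'

# List-form system() hands each argument to useradd verbatim (no shell quoting issues)
system("useradd", $new_user, "-p", $passwd_crypted, "-d", $new_user_home,
       "-g", "my_group", "-G", "", "-s", $shell) == 0 or die "useradd failed";
mkdir $new_user_home unless -d $new_user_home;
system("chown", $new_user, $new_user_home) == 0 or die "chown failed";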


This adds new users with a vsftp home dir, allows ftp logins but disables terminal logins. For some reason my perl crypt didn't seem to work, which led me to think (wrongly) that the short encrypted passwords were the problem. mkpasswd sorted that. Also I didn't know I had a "nscd" - and it is running. I'll watch that in future.

Thank you very much for your help.

Last edited by fluffyvoidbunny; 03-10-2006 at 03:27 AM.
 
  

