SUSE / openSUSEThis Forum is for the discussion of Suse Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello all,
I'm trying to script the adding of new users to a suse10 system using perl. Unfortunately the encryption in the /etc/shadow file is not as I expected. Encrypting the password with crypt doesn't work but adding the user/password with passwd or yast does. Below is a snippet of my /etc/shadow
User fred was added interactively using yast and works fine for my purpose. User albert was added via my script using crypt and doesn't work. Seemingly, I'm using the wrong encryption system. Can anyone tell me whats happening and perhaps point me in the right direction.
Thanks.
ps the perl module Passwd::Linux produces identical results to my homemade effort.
Just tried that. Unfortunately mkpasswd is a front end to crypt which is what I'm already using. looking at the length of the suse10 encrypted passwords theyre not generated using crypt ....
Strange...SuSE 10.0 has anything different in this matter ?
I use it in a script to create users in a SuSE 9.0 box from users it get from a Windows 2000 server.
Code:
# install the new password
cryptpass=$(mkpasswd $CLEARTEXT aa)
sed -e '/'^${NEWUSER}'/s#:!!:#:'${cryptpass}':#' $SHADOW > ${SHADOW}.new
cp ${SHADOW} ${SHADOW}.previous
cp ${SHADOW}.new ${SHADOW}
Even the length is short than expected, did you give it a try ?
Yes. I installed whois and then ran mkpasswd from the command line. The two users in my example both have an identically short password (I think they are both 8 chars). mkpasswd produced similar output to the albert (crypt) example.
The password for "/bin/su - fluffyvoidbunny" was "thisisjustatest".
I agree the encrypted pasword length is not the same, but at least it works.I can't explain the oversized length in encrypted passwords when using the GUI.
I don't have any trouble adding users or setting the encrypted shadow password. My problem is that the users I create don't work with vsftpd whereas the ones created with yast or the bash "passwd" do. I can create a user with a short password as you did but vsftpd then rejects that users login. If I then change that users password with "passwd" I get a long encrypted string in my shadow file and vsftpd then accepts it. I'm missing something somewhere and I thought perhaps it was that suse10 handled passwords differently or there is an extra process involved somewhere that I'm unaware of.
albert:eve.6xZHiDams:13216:0:99999:7::: - my perl created user, like yours (vsftpd rejects login)
Now I change the password at the commandline with passwd command and in my shadow file I get :- albert:$2a$10$2b2P978zQUmQMC68mSQNmelcrDC6AmsD/qFiAyEC8676p1Kp4sCcq:13216:0:99999:7::: - (vsftpd now accepts login).
Both encrypted strings refer to the same password which in this case is "letmein".
It looks to me like suse10 have strengthened the password encryption cos I'm pretty sure that my users would be OK on other systems. As you say, it works, as in we get a user that looks perfectly valid .... but it doesn't actually work.
As you suggest, I'll re-check my code....
Thanks again
Checked my code and your suggestion does work!
I can get a login with an encrypted password generated with mkpasswd but not using crypt or the perl linux password module.
Thanks again, again.
Last edited by fluffyvoidbunny; 03-09-2006 at 01:51 PM.
My problem is that the users I create don't work with vsftpd
Oh! this information is new. I did not know you are talking about vsftpd until your last post
Ok. Starting again. Did you have nscd running ? nscd is a cache for /etc/passwd and /etc/shadow.
May be you need to reload it. "rcnscd reload". Create a user using your script and reload nscd. try to get log on in the system using ftp.
Sorry, I didn't want to expand the question too much cos its like asking you to do my job for me which is not a reasonable request. Anyway after re-examining my code as you suggested I found my error and you had solved the problem in your first post. The solution in perl is a 3 liner ...
my $new_user = "fred_flintstone";
my $password = "letmein";
my $passwd_crypted = `mkpasswd $password wT`; # crypt $password, 'Wn' ; #`mkpasswd $password wT`;
my $new_user_home = "/home/" . $new_user;
my $shell = "/bin/false"; #"/bin/bash/"; #for redhat '/sbin/nologin';
system "useradd $new_user -p $passwd_crypted -d $new_user_home -g my_group -G '' -s $shell";
mkdir $new_user_home;
system "chown $new_user $new_user_home";
This adds new users with a vsftp home dir, allows ftp logins but disables terminal logins. For some reason my perl crypt didnt seem to work which led me to think (wrongly) that the short encrypted passwords were the problem. mkpasswd sorted that. Also I didn't know I had a "nscd" - and it is running. I'll watch that in future.
Thankyou very much for your help.
Last edited by fluffyvoidbunny; 03-10-2006 at 03:27 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.