-   SUSE / openSUSE (
-   -   Reset user password via script (

fluffyvoidbunny 03-09-2006 10:04 AM

Reset user password via script
Hello all,
I'm trying to script the adding of new users to a suse10 system using perl. Unfortunately the encryption in the /etc/shadow file is not as I expected. Encrypting the password with crypt doesn't work but adding the user/password with passwd or yast does. Below is a snippet of my /etc/shadow


User fred was added interactively using yast and works fine for my purpose. User albert was added via my script using crypt and doesn't work. Seemingly, I'm using the wrong encryption system. Can anyone tell me whats happening and perhaps point me in the right direction.


ps the perl module Passwd::Linux produces identical results to my homemade effort.

marozsas 03-09-2006 10:35 AM

Use the program mkpasswd which is part of whois rpm package.
mkpasswd creates encrypted strings from a clear-text password as first argument.


fluffyvoidbunny 03-09-2006 10:48 AM

Just tried that. Unfortunately mkpasswd is a front end to crypt which is what I'm already using. looking at the length of the suse10 encrypted passwords theyre not generated using crypt ....

marozsas 03-09-2006 11:05 AM

Strange...SuSE 10.0 has anything different in this matter ?
I use it in a script to create users in a SuSE 9.0 box from users it get from a Windows 2000 server.

# install the new password
cryptpass=$(mkpasswd $CLEARTEXT aa)
sed -e '/'^${NEWUSER}'/s#:!!:#:'${cryptpass}':#' $SHADOW > ${SHADOW}.new
cp ${SHADOW} ${SHADOW}.previous
cp ${SHADOW}.new ${SHADOW}

Even the length is short than expected, did you give it a try ?

fluffyvoidbunny 03-09-2006 11:15 AM

Yes. I installed whois and then ran mkpasswd from the command line. The two users in my example both have an identically short password (I think they are both 8 chars). mkpasswd produced similar output to the albert (crypt) example.

marozsas 03-09-2006 11:41 AM

Man, check your code. I just do that in my Suse 10.0, just to be sure. Look:

miguel@gold:~> /bin/su -
gold:~ # useradd -c "Test User" -m fluffyvoidbunny
gold:~ # grep fluffyvoidbunny /etc/shadow
gold:~ # cryptpass=$(mkpasswd thisisjustatest aa)
gold:~ # echo $cryptpass
gold:~ # sed -e '/'^fluffyvoidbunny'/s#:!:#:'${cryptpass}':#' /etc/shadow > /tmp/
gold:~ # cp /etc/shadow /etc/shadow.previous
gold:~ # cp /tmp/ /etc/shadow
gold:~ # logout
miguel@gold:~> /bin/su - fluffyvoidbunny
fluffyvoidbunny@gold:~> uname -a
Linux gold 2.6.13-15.8-default #1 Tue Feb 7 11:07:24 UTC 2006 i686 i686 i386 GNU                      /Linux
fluffyvoidbunny@gold:~> cat /etc/issue

Welcome to SUSE LINUX 10.0 (i586) - Kernel \r (\l).


The password for "/bin/su - fluffyvoidbunny" was "thisisjustatest".

I agree the encrypted pasword length is not the same, but at least it works.I can't explain the oversized length in encrypted passwords when using the GUI.


fluffyvoidbunny 03-09-2006 01:14 PM

I don't have any trouble adding users or setting the encrypted shadow password. My problem is that the users I create don't work with vsftpd whereas the ones created with yast or the bash "passwd" do. I can create a user with a short password as you did but vsftpd then rejects that users login. If I then change that users password with "passwd" I get a long encrypted string in my shadow file and vsftpd then accepts it. I'm missing something somewhere and I thought perhaps it was that suse10 handled passwords differently or there is an extra process involved somewhere that I'm unaware of.

albert:eve.6xZHiDams:13216:0:99999:7::: - my perl created user, like yours (vsftpd rejects login)
Now I change the password at the commandline with passwd command and in my shadow file I get :-
albert:$2a$10$2b2P978zQUmQMC68mSQNmelcrDC6AmsD/qFiAyEC8676p1Kp4sCcq:13216:0:99999:7::: - (vsftpd now accepts login).
Both encrypted strings refer to the same password which in this case is "letmein".
It looks to me like suse10 have strengthened the password encryption cos I'm pretty sure that my users would be OK on other systems. As you say, it works, as in we get a user that looks perfectly valid .... but it doesn't actually work.

As you suggest, I'll re-check my code....

Thanks again

Checked my code and your suggestion does work!
I can get a login with an encrypted password generated with mkpasswd but not using crypt or the perl linux password module.

Thanks again, again.

marozsas 03-09-2006 01:48 PM


My problem is that the users I create don't work with vsftpd
Oh! this information is new. I did not know you are talking about vsftpd until your last post :(

Ok. Starting again. Did you have nscd running ? nscd is a cache for /etc/passwd and /etc/shadow.
May be you need to reload it. "rcnscd reload". Create a user using your script and reload nscd. try to get log on in the system using ftp.


fluffyvoidbunny 03-10-2006 02:18 AM

Sorry, I didn't want to expand the question too much cos its like asking you to do my job for me which is not a reasonable request. Anyway after re-examining my code as you suggested I found my error and you had solved the problem in your first post. The solution in perl is a 3 liner ...

my $new_user = "fred_flintstone";
my $password = "letmein";
my $passwd_crypted = `mkpasswd $password wT`; # crypt $password, 'Wn' ; #`mkpasswd $password wT`;
my $new_user_home = "/home/" . $new_user;
my $shell = "/bin/false"; #"/bin/bash/"; #for redhat '/sbin/nologin';

system "useradd $new_user -p $passwd_crypted -d $new_user_home -g my_group -G '' -s $shell";
mkdir $new_user_home;
system "chown $new_user $new_user_home";

This adds new users with a vsftp home dir, allows ftp logins but disables terminal logins. For some reason my perl crypt didnt seem to work which led me to think (wrongly) that the short encrypted passwords were the problem. mkpasswd sorted that. Also I didn't know I had a "nscd" - and it is running. I'll watch that in future.

Thankyou very much for your help.

All times are GMT -5. The time now is 09:17 AM.