Reset user password via script
I'm trying to script the adding of new users to a suse10 system using perl. Unfortunately the encryption in the /etc/shadow file is not as I expected. Encrypting the password with crypt doesn't work but adding the user/password with passwd or yast does. Below is a snippet of my /etc/shadow
User fred was added interactively using yast and works fine for my purpose. User albert was added via my script using crypt and doesn't work. Seemingly, I'm using the wrong encryption system. Can anyone tell me whats happening and perhaps point me in the right direction.
ps the perl module Passwd::Linux produces identical results to my homemade effort.
Use the program mkpasswd which is part of whois rpm package.
mkpasswd creates encrypted strings from a clear-text password as first argument.
Just tried that. Unfortunately mkpasswd is a front end to crypt which is what I'm already using. looking at the length of the suse10 encrypted passwords theyre not generated using crypt ....
Strange...SuSE 10.0 has anything different in this matter ?
I use it in a script to create users in a SuSE 9.0 box from users it get from a Windows 2000 server.
Yes. I installed whois and then ran mkpasswd from the command line. The two users in my example both have an identically short password (I think they are both 8 chars). mkpasswd produced similar output to the albert (crypt) example.
Man, check your code. I just do that in my Suse 10.0, just to be sure. Look:
I agree the encrypted pasword length is not the same, but at least it works.I can't explain the oversized length in encrypted passwords when using the GUI.
I don't have any trouble adding users or setting the encrypted shadow password. My problem is that the users I create don't work with vsftpd whereas the ones created with yast or the bash "passwd" do. I can create a user with a short password as you did but vsftpd then rejects that users login. If I then change that users password with "passwd" I get a long encrypted string in my shadow file and vsftpd then accepts it. I'm missing something somewhere and I thought perhaps it was that suse10 handled passwords differently or there is an extra process involved somewhere that I'm unaware of.
albert:eve.6xZHiDams:13216:0:99999:7::: - my perl created user, like yours (vsftpd rejects login)
Now I change the password at the commandline with passwd command and in my shadow file I get :-
albert:$2a$10$2b2P978zQUmQMC68mSQNmelcrDC6AmsD/qFiAyEC8676p1Kp4sCcq:13216:0:99999:7::: - (vsftpd now accepts login).
Both encrypted strings refer to the same password which in this case is "letmein".
It looks to me like suse10 have strengthened the password encryption cos I'm pretty sure that my users would be OK on other systems. As you say, it works, as in we get a user that looks perfectly valid .... but it doesn't actually work.
As you suggest, I'll re-check my code....
Checked my code and your suggestion does work!
I can get a login with an encrypted password generated with mkpasswd but not using crypt or the perl linux password module.
Thanks again, again.
Ok. Starting again. Did you have nscd running ? nscd is a cache for /etc/passwd and /etc/shadow.
May be you need to reload it. "rcnscd reload". Create a user using your script and reload nscd. try to get log on in the system using ftp.
Sorry, I didn't want to expand the question too much cos its like asking you to do my job for me which is not a reasonable request. Anyway after re-examining my code as you suggested I found my error and you had solved the problem in your first post. The solution in perl is a 3 liner ...
my $new_user = "fred_flintstone";
my $password = "letmein";
my $passwd_crypted = `mkpasswd $password wT`; # crypt $password, 'Wn' ; #`mkpasswd $password wT`;
my $new_user_home = "/home/" . $new_user;
my $shell = "/bin/false"; #"/bin/bash/"; #for redhat '/sbin/nologin';
system "useradd $new_user -p $passwd_crypted -d $new_user_home -g my_group -G '' -s $shell";
system "chown $new_user $new_user_home";
This adds new users with a vsftp home dir, allows ftp logins but disables terminal logins. For some reason my perl crypt didnt seem to work which led me to think (wrongly) that the short encrypted passwords were the problem. mkpasswd sorted that. Also I didn't know I had a "nscd" - and it is running. I'll watch that in future.
Thankyou very much for your help.
|All times are GMT -5. The time now is 09:30 AM.|