passwd problem

passwd problem

Post by Budai Gabo » Fri, 02 Jul 1999 04:00:00



Hi!

How can I add a password for a user from file? I
tried "passwd user <file", but it doesn't work.
Help me, please!
GabX

 
 
 

passwd problem

Post by Andreas Schlag » Sat, 03 Jul 1999 04:00:00



>Hi!

>How can I add a password for a user from file? I
>tried "passwd user <file", but it doesn't work.
>Help me, please!
>GabX

Hi,

this won't work because the 'passwd' command is not able to read the password
from stdin due to security reasons.

regards,

Andreas Schlager

M. Kaindl Holzindustrie
Walser Weg 12
A-5071 Wals / Salzburg

 
 
 

passwd problem

Post by ian Lain » Mon, 05 Jul 1999 04:00:00


Hi,

As stated in a previous append - use of "here" documents and redirection
of input simply isn't allowed for passwd for security reasons.

Imagine allowing a user to simply type passwd userid new-password.
The first thing a hacker's going to do is scan as many .sh_history files
as they can to find out passwords or just a "sniff" of where the input
file is to see if they can see inside it.

That said you can find some sample code out there to allow you to create
your own C code to do the job and there are samples out there that are
ready to compile.

Try scanning web for chpass (I think) as thats what I used some time ago
to develop a password change program - understand though that you need
to be root to run it and you have to be careful to tidy up after you and
chmod 000 input files so only root can read them (or better still delete
them after use).

I also read about some time ago a "product" called Expect(?) which
allows amongst other things scripting password changes but don't know
how that works.

Cheerio,
ian Laing

 
 
 

passwd problem

Post by Toni Andjelkovi » Tue, 06 Jul 1999 04:00:00



> I also read about some time ago a "product" called Expect(?) which
> allows amongst other things scripting password changes but don't know
> how that works.

get expect from http://www-frec.bull.com/download/out/expect-5.24.0.0.exe,
or delete expect, sed & awk from your disks and use perl ;)
(you'll also need
http://www.cpan.org/modules/by-module/Expect/Expect.pm-1.07.tar.gz)

#!/usr/bin/perl
# chpasswd.pl
#
use Expect;
$usage = "$0 username new-password";
$USER = $ARGV[0] or die "$usage\n";
$NEWPASS = $ARGV[1] or die "$usage\n";
$command = Expect->spawn("/usr/bin/passwd $USER") or die "$!\n";
die "$!\n" unless $command->expect(5,"password:");
print $command "$NEWPASS\r";
die "$!\n" unless $command->expect(5,"password:");
print $command "$NEWPASS\r";
sleep(1);
$command->hard_close();
exit(0);

nevertheless, as ian said, you really should consider
your .sh_history before using it.

cheers,
--
Toni Andjelkovic       |       (TA627-RIPE)      |

--------------------------------------------------

 
 
 

1. NIS+/passwd problems

Hello,

I administrate several Sun Ultra1 workstations running Solaris 2.5.1 4/97

with several patches. All credentials and permission rights seem to

be ok, but if a user attempts to change his password on a client machine,

the following error message appears:

riker:schorsch:{/home/kirk1/schorsch}{33}:nispasswd
nispasswd:  Changing password for schorsch
Enter login(NIS+) password:
Sorry: wrong passwd
Permission denied

The passwort changing on the server works fine.

Has somebody a solution for this problem?

Thanks a lot and bye,

Christian Becker

2. system("ls") --> C program ?

3. Passwd problem with Redhat

4. Penmouse

5. Shadow Passwd problems - does not work

6. Learning C on Linux

7. newbie passwd problem,

8. Undefined Symbol: _isnan

9. Can't change password - PASSWD problem

10. passwd problem

11. Redhat 4.2 passwd problems

12. passwd problem