From owner-freebsd-security Fri Jun 8 12:19:59 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id B23BF37B403 for ; Fri, 8 Jun 2001 12:19:55 -0700 (PDT) (envelope-from Gerhard.Sittig@gmx.net) Received: (qmail 17060 invoked by uid 0); 8 Jun 2001 19:19:54 -0000 Received: from p3ee21626.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.38) by mail.gmx.net (mail01) with SMTP; 8 Jun 2001 19:19:54 -0000 Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id TAA24642 for freebsd-security@FreeBSD.ORG; Fri, 8 Jun 2001 19:13:04 +0200 Date: Fri, 8 Jun 2001 19:13:04 +0200 From: Gerhard Sittig To: freebsd-security@FreeBSD.ORG Subject: Re: Encrypted passwords Message-ID: <20010608191304.N17514@speedy.gsinet> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <20010607220227.W59617@mail.webmonster.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from david@slis-two.lis.fsu.edu on Thu, Jun 07, 2001 at 04:33:38PM -0400 Organization: System Defenestrators Inc. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jun 07, 2001 at 16:33 -0400, David Miner wrote: > On Thu, 7 Jun 2001, Karsten W. Rohrbach wrote: > > > correct me if i am just stupid, but i don't get the point > > echo -n passW0Rd | pw -u testuser -h 1 > > sets the password of "testuser" to "passW0Rd", soring it in > > the auth system you prefer in encrypted form. am i missing > > something? > > > > /k > > > No, I don't think you have missed the point. Using echo and > piping it into pw would work. I am trying read the cleartext > password from a file and, since I haven't figured out how the > pw file descriptor works, encrypt it and use the chpass utility > to get it into /etc/passwd. Why are you trying to do this manually? It's as simple as echo "$PASSWORD" | pw usermod -n $USERNAME -h 0 (this is exactly what you can read in "man pw"). There shouldn't be much of a problem in any scripting language to pipe the cleartext password into the pw(8) command after creating the user (or during creating it, but I didn't test this -- while changing an existing user's password went fine here, as well as disabling it by means of "-h -"). > It looks like it encrypts correctly, but the user cannot log in > with that password. So something must be wrong with the > encryption system or the way I have put the pieces together. The problem probably is that you want to reinvent existing functionality. :) Just use what's at your hands! virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message