Reputation: 136
I am on Debian 9.
I have a problem checking the password of a Linux user in my scripts. I realized that the different Linux tools for creating and modifying a user password give results with different patterns in /etc/shadow.
To create a user:
pwLinux="abcdef1234"
userLinux="toto02"
pwCrypt=$(perl -e 'print crypt($ARGV[0], "zzz")' $pwLinux)
useradd -m -G adm,dip,plugdev,www-data,sudo -p $pwCrypt $userLinux
I have in /etc/shadow:
toto02:zzDxrNjXuUs3U:17469:0:99999:7:::
In another script I want to check the password input by the user with:
USERNAME="toto02"
PASSWD="abcdef1234"
ORIGPASS=`grep -w "$USERNAME" /etc/shadow | cut -d: -f2`
ORIGPASS=`echo $ORIGPASS | cut -d"$" -f2`
GENPASS=$(perl -e 'print crypt($ARGV[0], "zzz")' $PASSWD)
if [ "$GENPASS" == "$ORIGPASS" ]; then
    echo "Valid Password"
    exit 0
else
    echo "Invalid Password"
    exit 1
fi
It's OK. The trouble starts here: if I want to change passwords in a script I use:
# username "toto02", newPwd "aabbcc"
echo "${username}:${newPwd}" | chpasswd
I cannot use passwd because everything has to be done without interactivity.
I have in /etc/shadow:
toto02:$6$rLklwx9K$Brv4lvNjR.S7f8i.Lmt8.iv8pgcbKhwDgINzhT1XwCBbD7XkB98lCtwUK3/4hdylkganoLuh/eIc38PtMArgZ/:17469:0:99999:7:::
If I want to check this password I must use a different script.
First problem: how to have the same pattern of password in both cases?
I use:
#!/bin/bash
USERNAME="toto02"
PASSWD="aabbcc"
ORIGPASS=`grep -w "$USERNAME" /etc/shadow | cut -d: -f2`
export ALGO=`echo $ORIGPASS | cut -d"$" -f2`
export SALT=`echo $ORIGPASS | cut -d"$" -f3`
echo "algo: -$ALGO-"
echo "salt: -$SALT-"
echo "pwd entré: -$PASSWD-"
echo "shadow: -$ORIGPASS-"
GENPASS="$(perl -e 'print crypt("$ENV{PSWD}","\$$ENV{ALGO}\$$ENV{SALT}\$")')"
echo "pwd généré: -$GENPASS-"
if [ "$GENPASS" == "$ORIGPASS" ]; then
    echo "Valid Password"
    exit 0
else
    echo "Invalid Password"
    exit 1
fi
Which gives:
algo: -6-
salt: -rLklwx9K-
pwd entré: -aabbcc-
shadow: -$6$rLklwx9K$Brv4lvNjR.S7f8i.Lmt8.iv8pgcbKhwDgINzhT1XwCBbD7XkB98lCtwUK3/4hdylkganoLuh/eIc38PtMArgZ/-
pwd généré: -$6$rLklwx9K$AIX1bUMAK9bwdd2g3ST5VtXTvHlHXHxnh4Xj.fLdxjaEkAAvHeeN5islid0wtmZN5u1zWQBup./IP8IH9i6W7/-
Invalid Password
The generated string is different! Why?
How to cure it?
Thank you
Upvotes: 2
Views: 6720
Reputation: 136
YES, it is good now! It's been hours that I've been on it and I could not see anything!
#!/bin/bash
USERNAME=$1 # "toto02"
export PASSWD=$2 # "aabbcc"
ORIGPASS=`grep -w "$USERNAME" /etc/shadow | cut -d: -f2`
export ALGO=`echo $ORIGPASS | cut -d"$" -f2`
export SALT=`echo $ORIGPASS | cut -d"$" -f3`
echo "algo: -$ALGO-"
echo "salt: -$SALT-"
echo "pw entré: -$PASSWD-"
echo "shadow: -$ORIGPASS-"
GENPASS="$(perl -e 'print crypt("$ENV{PASSWD}","\$$ENV{ALGO}\$$ENV{SALT}\$")')"
echo "pass génére: -$GENPASS-"
if [ "$GENPASS" == "$ORIGPASS" ]; then
    echo "Valid Password"
    exit 0
else
    echo "Invalid Password"
    exit 1
fi
algo: -6-
salt: -rYc.lGtG-
pw entré: -aabbcc-
shadow: -$6$rYc.lGtG$wMHAM.nXHk1J5sDRmcHeBLW1sRQA/xQcjJSZxkls4BratyWf.KoQST14pPjNWDiUKwfegC96Lhjgjbj4YbZoc.-
pass génére: -$6$rYc.lGtG$wMHAM.nXHk1J5sDRmcHeBLW1sRQA/xQcjJSZxkls4BratyWf.KoQST14pPjNWDiUKwfegC96Lhjgjbj4YbZoc.-
Valid Password
Thank you very much, but is there a way to have the same type of password with useradd and chpasswd?
Upvotes: 0
Reputation: 88601
Replace PSWD with PASSWD and replace PASSWD="aabbcc" with export PASSWD="aabbcc".
Upvotes: 1