generate a password string to be used by the useradd command - Security

This is a discussion on generate a password string to be used by the useradd command - Security ; How to generate a password string to be used by the useradd command? e.g. If I want my password to be "zxASqw12", then what should the parameter of the "useradd test -p" command be?...

+ Reply to Thread
Results 1 to 8 of 8

Thread: generate a password string to be used by the useradd command

  1. generate a password string to be used by the useradd command

    How to generate a password string to be used by the useradd command?

    e.g. If I want my password to be "zxASqw12", then what should the
    parameter of the "useradd test -p" command be?


  2. Re: generate a password string to be used by the useradd command

    wong_powah@yahoo.ca :
    > How to generate a password string to be used by the useradd command?
    >
    > e.g. If I want my password to be "zxASqw12", then what should the
    > parameter of the "useradd test -p" command be?


    The manpage says that's the encrypted password as returned from
    crypt. I see there's something called mcrypt to replace crypt, so
    maybe:

    useradd test -p `mcrypt zxASqw12` # <-- those are backtics.

    However, useradd's default is to leave the account disabled, meaning
    the user will have to change the password before they'll be allowed
    in. If you didn't use something as obvious as "test" for the
    username, that might be the way to go.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  3. Re: generate a password string to be used by the useradd command

    wong_powah@yahoo.ca (07-07-09 09:11:43):

    > How to generate a password string to be used by the useradd command?
    >
    > e.g. If I want my password to be "zxASqw12", then what should the
    > parameter of the "useradd test -p" command be?


    Why don't you just use the `passwd' utility?


    Regards,
    Ertugrul Söylemez.


    --
    Security is the one concept, which makes things in your life stay as
    they are. Otto is a man, who is afraid of changes in his life; so
    naturally he does not employ security.

  4. Re: generate a password string to be used by the useradd command

    On Jul 9, 10:24 pm, Ertugrul Soeylemez
    wrote:
    > wong_po...@yahoo.ca (07-07-09 09:11:43):
    >
    > > How to generate a password string to be used by the useradd command?

    >
    > > e.g. If I want my password to be "zxASqw12", then what should the
    > > parameter of the "useradd test -p" command be?

    >
    > Why don't you just use the `passwd' utility?
    >
    > Regards,
    > Ertugrul Söylemez.
    >
    > --
    > Security is the one concept, which makes things in your life stay as
    > they are. Otto is a man, who is afraid of changes in his life; so
    > naturally he does not employ security.


    I want to execute useradd in a script.


  5. Re: generate a password string to be used by the useradd command

    On Jul 9, 2:08 pm, "s. keeling" wrote:
    > wong_po...@yahoo.ca :
    >
    > > How to generate a password string to be used by the useradd command?

    >
    > > e.g. If I want my password to be "zxASqw12", then what should the
    > > parameter of the "useradd test -p" command be?

    >
    > The manpage says that's the encrypted password as returned from
    > crypt. I see there's something called mcrypt to replace crypt, so
    > maybe:
    >
    > useradd test -p `mcrypt zxASqw12` # <-- those are backtics.
    >
    > However, useradd's default is to leave the account disabled, meaning
    > the user will have to change the password before they'll be allowed
    > in. If you didn't use something as obvious as "test" for the
    > username, that might be the way to go.
    >
    > --
    > Any technology distinguishable from magic is insufficiently advanced.
    > (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
    > - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


    If the user will have to change the password before they'll be allowed
    in, then will the original password be overwritten before it is used?


  6. Re: generate a password string to be used by the useradd command

    wong_powah@yahoo.ca (07-07-10 15:06:14):

    > > > How to generate a password string to be used by the useradd command?
    > > > e.g. If I want my password to be "zxASqw12", then what should the
    > > > parameter of the "useradd test -p" command be?

    > >
    > > Why don't you just use the `passwd' utility?

    >
    > I want to execute useradd in a script.


    So what? Use both in the script.


    Regards,
    Ertugrul Söylemez.


    --
    Security is the one concept, which makes things in your life stay as
    they are. Otto is a man, who is afraid of changes in his life; so
    naturally he does not employ security.

  7. Re: generate a password string to be used by the useradd command

    wong_powah@yahoo.ca wrote:
    > On Jul 9, 2:08 pm, "s. keeling" wrote:
    >> wong_po...@yahoo.ca :
    >>
    >>> How to generate a password string to be used by the useradd command?
    >>> e.g. If I want my password to be "zxASqw12", then what should the
    >>> parameter of the "useradd test -p" command be?

    >> The manpage says that's the encrypted password as returned from
    >> crypt. I see there's something called mcrypt to replace crypt, so
    >> maybe:
    >>
    >> useradd test -p `mcrypt zxASqw12` # <-- those are backtics.
    >>
    >> However, useradd's default is to leave the account disabled, meaning
    >> the user will have to change the password before they'll be allowed
    >> in. If you didn't use something as obvious as "test" for the
    >> username, that might be the way to go.
    >>
    >> --
    >> Any technology distinguishable from magic is insufficiently advanced.
    >> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
    >> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

    >
    > If the user will have to change the password before they'll be allowed
    > in, then will the original password be overwritten before it is used?
    >


    There's a bit more to it than this. If you look at the manpage for
    mcrypt, you'll see you need a bunch of parameters, and it's not on my
    machine anyway. I would suggest better way is to write a wrapper around
    the crypt function, see the section 3 man page for crypt. You also need
    to generate a "salt", which is just a random string to help add some
    strength to the algorithm. Doing this with your chosen password above
    yields this string as one possibility:
    $1$WpHFiwYg$K8edj5oHulcaYWMq4SNX1.
    (Note that the period at the end of the string happens to be part of the
    string, not punctuation. Also beware of the $'s when passing this
    string through the shell.)

    I don't think you have to worry about changing the password by the
    user--as far as I can tell from the man page, useradd only disables the
    account when the password isn't provided.

    Having said all that, wouldn't it be easier to follow the earlier
    suggestion, which was to add the user with useradd and then use passwd
    to set the password?

    --
    Steve

  8. Re: generate a password string to be used by the useradd command

    On Jul 10, 11:36 pm, Steve Sentoff wrote:
    > wong_po...@yahoo.ca wrote:
    > > On Jul 9, 2:08 pm, "s. keeling" wrote:
    > >> wong_po...@yahoo.ca :

    >
    > >>> How to generate a password string to be used by the useradd command?
    > >>> e.g. If I want my password to be "zxASqw12", then what should the
    > >>> parameter of the "useradd test -p" command be?
    > >> The manpage says that's the encrypted password as returned from
    > >> crypt. I see there's something called mcrypt to replace crypt, so
    > >> maybe:

    >
    > >> useradd test -p `mcrypt zxASqw12` # <-- those are backtics.

    >
    > >> However, useradd's default is to leave the account disabled, meaning
    > >> the user will have to change the password before they'll be allowed
    > >> in. If you didn't use something as obvious as "test" for the
    > >> username, that might be the way to go.

    >
    > >> --
    > >> Any technology distinguishable from magic is insufficiently advanced.
    > >> (*) http://www.spots.ab.ca/~keeling Linux Counter #80292
    > >> - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

    >
    > > If the user will have to change the password before they'll be allowed
    > > in, then will the original password be overwritten before it is used?

    >
    > There's a bit more to it than this. If you look at the manpage for
    > mcrypt, you'll see you need a bunch of parameters, and it's not on my
    > machine anyway. I would suggest better way is to write a wrapper around
    > the crypt function, see the section 3 man page for crypt. You also need
    > to generate a "salt", which is just a random string to help add some
    > strength to the algorithm. Doing this with your chosen password above
    > yields this string as one possibility:
    > $1$WpHFiwYg$K8edj5oHulcaYWMq4SNX1.
    > (Note that the period at the end of the string happens to be part of the
    > string, not punctuation. Also beware of the $'s when passing this
    > string through the shell.)
    >
    > I don't think you have to worry about changing the password by the
    > user--as far as I can tell from the man page, useradd only disables the
    > account when the password isn't provided.
    >
    > Having said all that, wouldn't it be easier to follow the earlier
    > suggestion, which was to add the user with useradd and then use passwd
    > to set the password?
    >
    > --
    > Steve


    I add the user with useradd and then use passwd to set the password.

    # useradd -m -G users,wheel -s /bin/bash operator4
    # passwd operator4
    Changing password for user operator4.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.

    # echo "AllowUsers operator4" >> /etc/ssh/sshd_config

    $ ssh operator4@172.20.11.46
    operator4@172.20.11.46's password:
    Permission denied, please try again.
    operator4@172.20.11.46's password:


+ Reply to Thread