in reply to Shadow Passwords

If you just want to add one user at a time as root, just separate the steps:

    # useradd joe
    # passwd joe
    New Password: *****

But you're asking about the way to automate it.

The /etc/shadow file takes multiple hashing formats for passwords. (Encryption is a misnomer; encryption can be reversed but hashing cannot.) There's crypt() as you've tried, and there's MD5 and a few other hashing functions. The system knows the difference based on the first couple of characters. (You didn't cut and paste your shadow example literally, since your crypt() function would not have begun with a '$1'.)

Although you can get such hashes from the command line:

    # openssl passwd -salt '$1' 'mypassword'
    $1XahR1gy5QBc
    # openssl passwd -apr1 -salt '$1' 'mypasswd'
    $apr1$$1$WU93LWav20QAwX/j3i0CW/

I hope other monks can discuss what's necessary for a script to use a module (maybe Digest::MD5) to properly hash and encode the type and hash for /etc/shadow.

--
[ e d @ h a l l e y . c c ]
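
The prefix rule described in the post above, as an added example that is not part of the original thread: a small Perl classifier that labels the hash scheme of each password field in shadow-format lines, useful when auditing which accounts still carry older hash types. The sample lines are constructed; joe and web reuse the two strings quoted in the post, and the sub name classify_hash is hypothetical.

```perl
#!/usr/bin/perl
# Added example (not from the thread): label the hash scheme of each
# entry in shadow-format lines, using the prefix of the password field.
use strict;
use warnings;

sub classify_hash {
    my ($field) = @_;
    return 'empty (no password set)' if $field eq '';
    return 'locked or disabled'      if $field =~ /^[!*]/;
    # $1$<salt up to 8 chars>$<22-char encoded digest>
    return 'MD5-crypt'
        if $field =~ /^\$1\$[^\$:]{0,8}\$[.\/0-9A-Za-z]{22}$/;
    # Apache htpasswd variant; same layout, different magic string.
    return 'Apache apr1 MD5 variant' if $field =~ /^\$apr1\$/;
    # Any other $id$... value follows the modular crypt layout.
    return "modular crypt, id '$1'"  if $field =~ /^\$([0-9a-z]+)\$/;
    # Traditional crypt(): 2 salt characters + 11 hash characters.
    return 'traditional DES crypt'   if length($field) == 13;
    return 'unrecognized';
}

# Constructed sample in shadow layout. joe and web carry the two strings
# quoted in the post; the other password fields are made-up placeholders.
my @sample = (
    'joe:$1XahR1gy5QBc:12176:0:99999:7:::',
    'web:$apr1$$1$WU93LWav20QAwX/j3i0CW/:12176:0:99999:7:::',
    'ann:$1$abcdefgh$xxxxxxxxxxxxxxxxxxxxxx:12176:0:99999:7:::',
    'daemon:*:12176:0:99999:7:::',
    'guest::12176:0:99999:7:::',
);

for my $line (@sample) {
    my ($user, $field) = split /:/, $line, 3;
    printf "%-8s %s\n", $user, classify_hash($field);
}
```

On the two strings quoted in the post this reports traditional DES crypt for the 13-character value and the Apache apr1 variant for the other.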

Re: Re: Shadow Passwords
by iburrell (Chaplain) on May 04, 2003 at 22:20 UTC
    The Linux passwd supports the --stdin option to read the password from stdin. This should be easy to automate with Perl. Using passwd means that PAM handles changing the password and it knows the current configuration of shadow, MD5, etc.
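    # List-form system/open run the programs directly, without a shell,
    # so characters in $user are never interpreted as shell syntax.
    system('useradd', $user) == 0 or die "useradd failed: $?";
    open(my $passwd, '|-', 'passwd', '--stdin', $user) or die "cannot run passwd: $!";
    print {$passwd} $password;
    close($passwd) or die "passwd failed: $?";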