Server :: Adding Entries Directly In Password Shadow File
Mar 11, 2011
I am working on building a customized ISO image of a server based on linux. The thing is after the server is installed and run for the first time, three users have to be created for the various services to run properly. I want this to be automated. To achieve this what is was thinking is automatically enter the user entries in the /etc/passwd and /etc/shadow files through init scripts when the server starts for the first time after the installation. I tried creating user and assigning password in one of my machine, and the /etc/passwd and the /etc/shadow entries of this user I copied it into the other machine and tried login in on the other machine and everything worked fine. How I am trying to achieve this.
I want to know, how does changes happened in the encrypted password in /etc/shadow file , when user changing password . because user doesnot have access on that file
Today i was going through some of security guides written on linux .Under shadow file security following points were mentioned.1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters.2)Usernames in shadow file must satisfy to all the same rules as usernames in /etc/passwd.3)password for application Username should display * if username is not locked.4)If a user is locked it should be displayed as ! as the first character in second field of shadow file.
Confusion for point 1 and 2:Now i m confused as why the encrypted password should be more than 14-25 characters.Also what rules to satisfy How to check it?Confusion for point 3 and 4:There are lot of users with * as second field i guess they are not locked but according to 4th point there are lot of users with ! as first characters.How would i check whether they are actually locked or not.I m posting the output of /etc/shadow and /etc/passwd files for the account.
I noticed that our /etc/shadow file is readable on a patch I released for one of our in house linux boxes a while back ago. Could they use it to gain access the root account etc? Our passwords are all MD5 encrypted.
I would like to grep all values other than encrypted password from /etc/shadow fileFor example,each line consists of 8 fields separated with :/The only thing that I want not to print out is the contents between first : and second : (encrypted password)
I've been trying to write php or perl code to generate the sha-512 password hashes in fedora. I've been unable to do the hashing which is encoded in the shadow file on fedora core 11. Does anyone have php or perl code which provides the hashing algorithm. (All of my attempts result in the encrypted hashing being longer than 86 character -- the length that crypt says the sha-512 should be)
I currently have an LDAP database on my Suse 10.2 server for managing authentication and controlling emails for my Cyrus email server. I use this setup to provide email functionality to my web and email hosting clients, as well as DNS functionality, and it uses the default LDAP database that was setup when OpenLDAP was initially configured. Email support is working wonderfully, I might add. I also tested and verified the use of an email lookup directory in two different email clients (Outlook and Evolution) so that I can tell one of my clients how to lookup the email address of users who are setup in the LDAP server, and it works beautifully.
However, I'd also like to be able to allow my clients to build a shared contact database that can also be used in their email clients so that they can share them among all of their users. Ideally, I would need to be able to allow each client to have their own database of shared contacts, and I assume this would be done by creating a new LDAP database for each client company (i.e. group of users) that can contain the list of shared contacts for any of that client's users. When they configure their email client directory settings, they would enter the base path to their database in order to retrieve their shared contact database entries.
In my web searches, I've found plenty of CRM solutions on the web that claim to provide this type of functionality, but I believe that OpenLDAP contains everything I need to make this work without adding another layer of software to the server solution. (I subscribe to the "Keep it Simple, Stupid!" approach whenever possible.) Essentially, I need to have People entries in a client's LDAP database that are NOT email users on the system. The fields in the standard people schema are all the fields they would need - as long as I can figure out how best to add these non-user entries in the LDAP database. Are there any potential difficulties in creating additional LDAP databases expressly for this purpose?
Are there any tricks to adding contact entries into a client's LDAP database without them also being current email users on the server, so that those entries can be retrieved through an Email Client directory lookup? I will also want to provide an easy method for my client users to add new entries to their LDAP contact database, most likely through a web interface for them that could then issue LDAP commands on the server based on the input fields for the new contact. (I don't believe this is possible from within the email client itself.) Is there any reason this could not be done with the proper configuration? What should I be aware of as I setup this contact management web interface? Is there a better way for non-technical client users to manage this list of shared contacts?
I am moving my Linux server from Suse 10 to Ubuntu 9.04 and I moved the significant parts of /etc/shadow, /etc/passwd, and /etc/group over to Ubuntu 9.04. I am not able to login into the computer with the old accounts. The only problem I see is that the old accounts use Blowfish and DES to encrypt the passwords in /etc/shadow, and Ubuntu uses SHA512. If I change the passwords, the accounts will work. However; I have about 300 accounts to move, and I don't want to do that to all of them. I have tired Ubuntu Forums and talked to every linux expert I know, and no one has an answer.
subnet IP netmask MASK { range IP START IP END ; default-lease-time 86400; max-lease-time 172800; }
And now in the /var/lib/dhcpd/dhcpd.lease file, there few entrie for the same IP. Sometime I've ten same entries for the same IP. Can I have only one entrie by IP? Is there any problems in my configuration of my dhcpd.conf file?
I am trying to read a file uploaded by a simple <input type="file"> form and directly write it to a mysql blob - without saving it to the filesystem. I tryed something like:
Code:
It writes some few Bytes to the DB and there is no error, but it's not the actual file that is being written.
i'm using ubuntu 9.10... i'm working on some projects on L4 microkernel... i want to add it to the grub...i was familiar with the earlier grub, i.e editing the menu.lst...
title = L4Ka:istachio/i586 pingpong kernel=/boot/kickstart module=/boot/i586-kernel module=/boot/sigma0 module=/boot/pingpong
how can i do this in new grub version...? i tried adding the following to /etc/grub.d/40_custom but failed...
menuentry "L4Ka:istachio" { set root=(hd0,9) kernel=/boot/kickstart[code ]..........
The /etc/shadow file contains an id of $1$, $2$, $5$ or $6$ to show the encryption method used.A salt follows this,followed by the password hash.When a user is created and a password is set, a hash is RANDOMLY generated and used as the salt to the password hash. Everytime that user logs in, login checks /etc/shadow for the $id$ and salt and runs the password given by the user through the hash mechanism ($id$) using the salt in /etc/shadow.So basically does login look at /etc/shadow for the $id$ and salt to create a hash with which to compare to the /etc/shadow hash?question 2 - If my $id$ was $5$, which is sha256, how would i go about changing this? Like is there a shadow.conf or crypt.conf or something? Can i change it per user?
Any one know how add entrie at Application menu? Is only "sound & video, office, internet, games and system" but i installed other software from ubuntu repositories for education, but in Applications is possible see all programs, i need a entrie called "Education" or "Science" for more easily find them. How can add? In Menu editor is not possible.
I need to manually convert an string ( like with echo ) to a DES crypt format to be inserted inside a /etc/shadow file, does anybody knows how can I do that?
Maybe there are some little tool that could handle that operation, well.. I don't know, hope someone can give me a hint on that.
Is it possible to add menu entries for older kernels to boot instead of the latest?
I have tried this in Ubuntu 10.04 and it hasn't worked.
This used to be possible with ease in grub legacy.
I copied the current menu entry from /boot/grub/grub.cfg and pasted it in the /etc/grub.d/ 20_custom file.
Then I changed the kernel number to the older kernel number and the initrd number too. #update-grub puts this entry into 'grub.cfg', but it doesn't work.
I get:
The old kernel is in /boot as well as the respective initrd and config files.
How do I stop this? Ideally I'll only have two entries, Fedora 15 and Windows 7 where Windows is set as the default primary o/s to boot up. The current method I use is to fiddle around with that grub file and set default to entry 3, which used to be Windows 7 but is now a Fedora (which means Fedora is now set to default boot up).
I installed Ubuntu in a dual-boot with Windows 7, and installed the bootloader (GRUB? However, I have some weird Windows XP Embedded entry! I also have a lot of different boot options for Ubuntu. All I want is my Windows 7 entry (picked up as Windows Vista) and my main Ubuntu entry. How can I edit the bootloader entries (remove some existing ones, not adding any) so I have only two on there?
I am trying to write a remote access module. Is there any function in linux where I can give string (password entered by user) and compare it with the actual user password stored in /etc/shadow. Since the password is stored encrypted in /etc/shadow I cannot parse and compare. So I want some method to compare if my user entered the correct password..Is there any function for that..
I need to create a script that returns a list of the users who have never changed their password from /etc/shadow. As I know on linux there is a command "chage" used for find last password change.
Although all the passwords are under one Keyring folder, I have to type in the password 4 times. Is this the way the keyring is supposed to work? If so, can I help change this somehow(I'm not a programmer, unfortunately)? It seems that a lot of people have this problem and getting it to work out-of-the-box could bring in more potential users. (Also, different topic, is there anyway to make Dropbox wait until I enter keyring passwords to try to connect or wait until a connection is made to try to connect?
I recently mashed the passwd, shadow, gshadow, group files in my Fedora 12 installation. I was dumb and didn't take a copy of the originals and all I have is the originals from a Fedora 11 installation.
i am new to debian. I need to know after booting sequence login shell appears to get username and password. so what happens when user puts username and password ?? how this given username and password are matched with /etc/shadow file ??
my another question is what is role of /etc/pam.d/ authenticating username and password ?? does it work with shadow file or not ?
I am just wondering what encryption method the shadow file uses, so that I may be able to manually change it. I ask this because I am trying to make a web page that will allow people to change their linux password via a browser.
I'm running RHEL 5. When using the GUI System>Administration>Users and Groups, I get the error: The user database cannot be read. This problem is most likely caused by a mismatch between /etc/passwd and /etc/shadow or /etc/group and /etc/gshadow. The program will exit now.
Some research showed that I need to use vipw and vigr respectively to find an inconsistency between these two sets, which I did - to make it easy I copied each from [vipw | vigr] to an excel file and did =exact(%1, %2). There are no inconsistencies.
I have followed the instructions at http://www.vcn.bc.ca/~dugan/setting-up-slackware.html (under "Making Firefox Perfect"), but I still get the error message"Firefox doesn't know how to open this address, because the protocol (rtsp) isn't associated with any program."
I'm trying to learn how to create a user account manually on the system, and I've edited the /etc/passwd and /etc/groups as well as creating a new home directory by copying /etc/skel but I'm stuck at how to generate an entry in the /etc/shadow file since it comprises of the hash and all?
