From: Stan.Pietkiewicz@statcan.ca
Date: Mon Jul 15 2002 - 13:47:42 EDT
My apologies for the delayed summary, but I felt that a summary should
include the solution...;-})
Thanks for the many hints. With suggestions from several list members, the
following script was what our resident Perl programmer came up with:
***************
#!/usr/local/bin/perl
############################################################################
#
# Automated password change with password generator, to be run by root
#
# Name: chpass
# Params: user - Name of the user whose password is to be changed
# Purpose: Generate & Encrypt a new password. Encrypt so that the
# password can be placed directly in the shadow file.
# Return: The unencrypted password
#
############################################################################
$shadow = "/etc/shadow";
$user = shift; # User to change
password
@passwd = split /:/, &genpass; # New password
$pwd = $passwd[1]; # Encrypted password
open SHADOW, $shadow || die "Could not open shadow";
@lines = <SHADOW>; # Read in all lines
of the shadow file
foreach $line (@lines) {
if ($line =~ /$user:/) { # Match for desired
user ($user)
$line =~ s/:(\w*|\W*)+:/:$pwd:/; # Substitute
password with new one
}
}
close SHADOW || die "Close failed"; # Close the original
shadow file
`chmod o+w $shadow`; # Set permissions to
read only
open SHADOW, ">" . $shadow || "Could not open shadow";
print SHADOW @lines; # Print array to
temp shadow file.
close SHADOW || die "Close failed";
`chmod o-w $shadow`; # Set permissions to
read only
print $passwd[0], "\n";
############################################################################
#
# Name: genpass
# Params: (none)
# Purpose: Generates a password and encrypt it so that the passwd
# field can be placed directly in the shadow file.
# Return: Returns a string with the password and the encrypted string
# separated by a semi-colon
#
############################################################################
sub genpass {
srand(time() ^ ($$ + ($$ << 15)) ); # Sets seed for
random number
$secret = ""; # Will hold
generated password
while (! ($secret =~ /\w{10}/)) { # Loop generates 10
characters
$roll = int(rand 255);
$char = chr($roll);
if ($char =~ /\w{1}/) {
$secret = $secret . $char;
}
}
$passwd = substr($secret, 2,10); # Actual password
$salt = $secret; # Used in the
encryption function
return $passwd . ":" . crypt($passwd, $salt); # Return string
}
exit;
*****************************************
Original question:
I am looking for a way to generate a password (ideally relatively difficult
to guess) within a script to run on a Solaris 2.6 machine. Any ideas on how
this could be done?
Thanks....
Stan Pietkiewicz
Stan.Pietkiewicz@statcan.ca
Informatics Technology Services Division - Statistics Canada
It may be statistically possible that my opinion is the same
as someone else's - but it is still my opinion!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:35 EDT