Hi there!


I have been generating passwords for users automatically with the
following method:

/usr/bin/mkpasswd -s 0 -v username

I'm the sysadmin on a Slack 10.0 system.

The passwords are generated (you have to wait some seconds), and there
is actually something written to the /etc/shadow file. But they won't
work!

Can someone please help me, I have no idea why they should not work!

Thank You In Advance,



--
Michael

r-znvy: zvpunry.wryqra jro.qr (chg gur "@" jurer vg svgf...)
ab fcnz cyrnfr

upro wrote:

>Hi there!
>
>
>I have been generating passwords for users automatically with the
>following method:
>
>/usr/bin/mkpasswd -s 0 -v username
>
>I'm the sysadmin on a Slack 10.0 system.
>
>The passwords are generated (you have to wait some seconds), and there
>is actually something written to the /etc/shadow file. But they won't
>work!
>
>Can someone please help me, I have no idea why they should not work!
>
>Thank You In Advance,
>
>
Try the following.

It will generate a standard Unix/Linux password that you can copy/paste
into shadow (or group). I use this for generating passwords for CVS.

Compile it with

cc -o cvspas cvspas.c -lcrypt

Have fun.

#ident "$Id: cvspas.c,v 1.1 2004/11/08 17:51:40 trona Exp $"

#include <stdio.h>
#include <stdlib.h>
#include <pwd.h>
#include <time.h>
#include <unistd.h>

extern char *crypt (const char *, const char *);

void main (int argc, char *argv [])
{
char salt [3];
char *passwd, *encryptedpw;
char *user;
int i;

/* seed the random number generator */
srand ((int) time ((unsigned int) NULL));
/*
* we need two random numbers in the range
* >= 65 <= 90 or >= 97 <= 122 (that's A - Z
* or a - z inclusive) for the salt characters
*/
while ((i = rand()) < 65 ||
i > 90 && i < 97 ||
i > 122)
;
salt [0] = i;
while ((i = rand()) < 65 ||
i > 90 && i < 97 ||
i > 122)
;
salt [1] = i;
salt [2] = '\0';
/* find out who we are */
if ((user = getenv ("USER")) == (char *) NULL) {
(void) fprintf (stderr,
"%s:\tunable to determine user id\n",
argv [0]);
exit (EXIT_FAILURE);
}
/* ask for the password */
passwd = getpass ("Password to encrypt: ");
/* crypt() only looks at the first two characters of salt */
encryptedpw = crypt (passwd, salt);
(void) fprintf (stdout, "%s:%s\n", user, encryptedpw);
exit (EXIT_SUCCESS);
}

On Wed, 17 Nov 2004 15:11:30 +0100, upro wrote:

> Hi there!
>
>
> I have been generating passwords for users automatically with the
> following method:
>
> /usr/bin/mkpasswd -s 0 -v username
>
> I'm the sysadmin on a Slack 10.0 system.
>
> The passwords are generated (you have to wait some seconds), and there
> is actually something written to the /etc/shadow file. But they won't
> work!
>
> Can someone please help me, I have no idea why they should not work!
>
> Thank You In Advance,


I would suggest you rethink the problem. I always been against generated
passwords. Why? Because I could never remember the damned things - first
thing I would always do was write down the password - defeats the security
it's supposed to enhance.

ray <ray@zianet.com> writes:

> On Wed, 17 Nov 2004 15:11:30 +0100, upro wrote:
>
>> Hi there!
>>
>>
>> I have been generating passwords for users automatically with the
>> following method:
>>
>> /usr/bin/mkpasswd -s 0 -v username
>>
>> I'm the sysadmin on a Slack 10.0 system.
>>
>> The passwords are generated (you have to wait some seconds), and there
>> is actually something written to the /etc/shadow file. But they won't
>> work!
>>
>> Can someone please help me, I have no idea why they should not work!
>>
>> Thank You In Advance,
>
>
> I would suggest you rethink the problem. I always been against generated
> passwords. Why? Because I could never remember the damned things - first
> thing I would always do was write down the password - defeats the security
> it's supposed to enhance.
>

Thanks to both of you!

My actual task was to add automatically some 80 users to a new
system. I'm in the luxury situation of setting up and deploying a
_very_ nice network from scratch, with all the accessoires and
services I desire...

But inventing, copying and pasting some 80 paswords to the shadow file
seems ... rather non-unix like to me... SO I tried to find a
"workaround"...

And now: Any ideas why my line above wouldn't work?

Michael

--
Michael

r-znvy: zvpunry.wryqra jro.qr (chg gur "@" jurer vg svgf...)
ab fcnz cyrnfr

upro wrote:

>ray <ray@zianet.com> writes:
>
>
>
>Thanks to both of you!
>
>My actual task was to add automatically some 80 users to a new
>system. I'm in the luxury situation of setting up and deploying a
>_very_ nice network from scratch, with all the accessoires and
>services I desire...
>
>But inventing, copying and pasting some 80 paswords to the shadow file
>seems ... rather non-unix like to me... SO I tried to find a
>"workaround"...
>
>And now: Any ideas why my line above wouldn't work?
>
>Michael
>
>
Here's a hint -- use the cvspas program to generate an encrypted
password for "changeme" (pretty typical setup for a new user). Notice
that the program produces "userassword?" Copy-paste that into
/etc/shadow, use an editor, add the colons and group numbers, paste as
many as you need, change all the "user" to "whoever" and away you go.
You can also make that password expire immediately (see the man page for
passwd) so the user is forced to change it on first login.

It ain't automagic, but it do work. Then, of course, you've got the
little additional problem of /etc/passwd, home directories and all that,
but...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

upro wrote:
> ray <ray@zianet.com> writes:
>
>
>>On Wed, 17 Nov 2004 15:11:30 +0100, upro wrote:
>>
>>
>>>Hi there!
>>>
>>>
>>>I have been generating passwords for users automatically with the
>>>following method:
>>>
>>>/usr/bin/mkpasswd -s 0 -v username
>>>
>>>I'm the sysadmin on a Slack 10.0 system.
>>>
>>>The passwords are generated (you have to wait some seconds), and there
>>>is actually something written to the /etc/shadow file. But they won't
>>>work!
>>>
>>>Can someone please help me, I have no idea why they should not work!
>>>
>>>Thank You In Advance,
>>
>>
>>I would suggest you rethink the problem. I always been against generated
>>passwords. Why? Because I could never remember the damned things - first
>>thing I would always do was write down the password - defeats the security
>>it's supposed to enhance.
>>
>
>
> Thanks to both of you!
>
> My actual task was to add automatically some 80 users to a new
> system.

Hmmm. Recently, I was in a similar situation, but with a smaller number
of users (~20 or so). I used the newusers(8) command to add the users
from a file, and generated the file with a bit of scripting. You might
want to look at the newusers(8) command, along with the chpasswd(8) and
mkpasswd(8) commands.


- --

Lew Pitcher, IT Consultant, Enterprise Data Systems
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed here are my own, not my employer's)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFBm4Y1agVFX4UWr64RAgA9AKC2vsJWaP4uBXnk7VnOrS 4qMQSf8gCgtfmg
bS7l7QHhntcuGU3C82JFsf8=
=9+lw
-----END PGP SIGNATURE-----

On Wed, 17 Nov 2004 14:42:29 +0000, Thomas Ronayne wrote:

> upro wrote:
>
>>Hi there!
>>
>>
>>I have been generating passwords for users automatically with the
>>following method:
>>
>>/usr/bin/mkpasswd -s 0 -v username
>>
>>I'm the sysadmin on a Slack 10.0 system.
>>
>>The passwords are generated (you have to wait some seconds), and there
>>is actually something written to the /etc/shadow file. But they won't
>>work!
>>
>>Can someone please help me, I have no idea why they should not work!
>>
>>Thank You In Advance,
>>
>>
> Try the following.
<snip>

I don't understand all the gyrations to generate phony passwords
that the users are going to change right away anyway. Just create
each account with some really dumb password, like "password",
and tell them, "Change your password first thing."

Good Luck!
Rich

Rich Grise <rich@example.net> writes:

> On Wed, 17 Nov 2004 14:42:29 +0000, Thomas Ronayne wrote:
>
>> upro wrote:
>>
>>>Hi there!
>>>
>>>
>>>I have been generating passwords for users automatically with the
>>>following method:
>>>
>>>/usr/bin/mkpasswd -s 0 -v username
>>>
>>>I'm the sysadmin on a Slack 10.0 system.
>>>
>>>The passwords are generated (you have to wait some seconds), and there
>>>is actually something written to the /etc/shadow file. But they won't
>>>work!
>>>
>>>Can someone please help me, I have no idea why they should not work!
>>>
>>>Thank You In Advance,
>>>
>>>
>> Try the following.
> <snip>
>
> I don't understand all the gyrations to generate phony passwords
> that the users are going to change right away anyway. Just create
> each account with some really dumb password, like "password",
> and tell them, "Change your password first thing."

Problem is many of them won't...

>
> Good Luck!
> Rich
>
>

--
Michael

r-znvy: zvpunry.wryqra jro.qr (chg gur "@" jurer vg svgf...)
ab fcnz cyrnfr