[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 363
  • Last Modified:

How do I verify a password in Solaris 9 default install without using it ? I need to script this.

Long story short, I create a LOT of temp accounts for short term programmers from other lands.

What is the easiest way to verify they have an account and the password works WITHOUT using it.

I would like to create a little script that zips though.  

su  does not seem to behave well in a script :)


0
itguy411
Asked:
itguy411
  • 2
  • 2
  • 2
  • +2
1 Solution
 
TintinCommented:
Do you know what the password for the accounts is or will you have to guess it?
0
 
itguy411Author Commented:
I know it.  

I create it

0
 
TintinCommented:
In that case, you can verify the account exists by doing

grep username: /etc/passwd

for the password, you need to extract the encrypted password from /etc/shadow and then run it through the following perl script, eg:

chkpass.pl  somepasswd a3bL.vfoZZTk6
#!/usr/bin/perl
my ($pass,$encrypted) = @ARGV;
print "Match\n" if (crypt($pass,$encrypted) eq $encrypted);

Open in new window

0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Duncan RoeSoftware DeveloperCommented:
If using shadow passwords, you need to be root because you have to verify passwords against /etc/shadow. Then you can run through /etc/passwd. Might be best to do with a C program - doing it in a script could be a bit of an ask
0
 
Duncan RoeSoftware DeveloperCommented:
Ok perl will do it
0
 
omarfaridCommented:
if ftp is enabled for these users (which is the default) then you may use ftp client to access and get some file. e.g. you can use


wget ftp://servername/etc/hosts --ftp-user=username --ftp-password=password

here link to download wget if you don't have it already installed:

ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/wget-1.11.4-sol9-sparc-local.gz

please check the site for dependencies

(I know, it is not the best way to do so)
0
 
peter991Commented:
It could be a risk running a script or command with username/password as an argument.
If someone makes an '$>ps -ef' during this short time they will probably see a password or worse, username and password.

I wish I had and waterproof answer but at the moment I don't.
At least you could run these tests on a closed machine where only you have access?
0
 
omarfaridCommented:
the test can be run from a remote system where no users are using it
0
 
itguy411Author Commented:
This does work  
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now