Go Premium for a chance to win a PS4. Enter to Win


How do I verify a password in Solaris 9 default install without using it ?  I need to script this.

Posted on 2008-10-01
Medium Priority
Last Modified: 2013-11-13
Long story short, I create a LOT of temp accounts for short term programmers from other lands.

What is the easiest way to verify they have an account and the password works WITHOUT using it.

I would like to create a little script that zips though.  

su  does not seem to behave well in a script :)

Question by:itguy411
  • 2
  • 2
  • 2
  • +2
LVL 48

Expert Comment

ID: 22618692
Do you know what the password for the accounts is or will you have to guess it?

Author Comment

ID: 22619201
I know it.  

I create it

LVL 48

Accepted Solution

Tintin earned 1200 total points
ID: 22619344
In that case, you can verify the account exists by doing

grep username: /etc/passwd

for the password, you need to extract the encrypted password from /etc/shadow and then run it through the following perl script, eg:

chkpass.pl  somepasswd a3bL.vfoZZTk6
my ($pass,$encrypted) = @ARGV;
print "Match\n" if (crypt($pass,$encrypted) eq $encrypted);

Open in new window

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 35

Expert Comment

by:Duncan Roe
ID: 22619353
If using shadow passwords, you need to be root because you have to verify passwords against /etc/shadow. Then you can run through /etc/passwd. Might be best to do with a C program - doing it in a script could be a bit of an ask
LVL 35

Expert Comment

by:Duncan Roe
ID: 22619364
Ok perl will do it
LVL 40

Expert Comment

ID: 22620125
if ftp is enabled for these users (which is the default) then you may use ftp client to access and get some file. e.g. you can use

wget ftp://servername/etc/hosts --ftp-user=username --ftp-password=password

here link to download wget if you don't have it already installed:


please check the site for dependencies

(I know, it is not the best way to do so)

Expert Comment

ID: 22622219
It could be a risk running a script or command with username/password as an argument.
If someone makes an '$>ps -ef' during this short time they will probably see a password or worse, username and password.

I wish I had and waterproof answer but at the moment I don't.
At least you could run these tests on a closed machine where only you have access?
LVL 40

Expert Comment

ID: 22622425
the test can be run from a remote system where no users are using it

Author Closing Comment

ID: 31502136
This does work  

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Suggested Courses
Course of the Month9 days, 10 hours left to enroll

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question