Solved

Hashed password within a shell script

Posted on 2011-02-16
2
1,272 Views
Last Modified: 2012-05-11
We have a great script at work that we use to hash passwords, here how it works:

The program prompts for a user id/proccess id, then searches the ldap directories for a corresponding id. If one is found, the cn, unixid, and "last five" are extracted. The cn is echoed back to the user for verification. If this is the desired ID, the program echoes the unixid and hashed "last five" back to the user (with a random salt). Again, if the user verifies that this is, indeed, the correct entry, the unix process ID and the hashed password (again, with a random salt) are echoed back to the user.

I have a user that is creating a script. He wants to "su - appid" and does not want to pass a password within the script. So I generated a hashed password using our in-house hasher script. I provided him the hashed password for appid. But, he needs to know the source of the hash so he can figure out how to properly pass it in the script. Can someone help explain or tell me what he means? Thanks
0
Comment
Question by:AIX25
2 Comments
 
LVL 6

Accepted Solution

by:
Tomunique earned 500 total points
Comment Utility
Have you considered using sudo? Or equivalent?

we have several app users that need to start things such as websphere as root.
We don't give them the root password, or anything close to it.

Sudo prompts (or doesn't depending on your config options), for the users password to confirm it's truely them issuing the command.

For service accounts, where app owners need to log int othe account.  We avoid (if we can) giving out the password to the service account, so we can track who's actually using the ID, as well as change in job responsibilities  by an app owner, we can remove their access, without having to deal with changing service account passwords.

this would be the entry in sudoers (config file for sudo).

appownerid ALL=(root) NOPASSWD: /usr/bin/su - Service_account

They would modify their script to run as:
sudo su - service_account


0
 

Author Comment

by:AIX25
Comment Utility
Ok great! Thanks for the feedback. I have a few more questions about SUDO...so I will go ahead and close this question and open a new one about SUDO setup.

Thanks again!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now