Solved

Hashed password within a shell script

Posted on 2011-02-16
2
1,278 Views
Last Modified: 2012-05-11
We have a great script at work that we use to hash passwords, here how it works:

The program prompts for a user id/proccess id, then searches the ldap directories for a corresponding id. If one is found, the cn, unixid, and "last five" are extracted. The cn is echoed back to the user for verification. If this is the desired ID, the program echoes the unixid and hashed "last five" back to the user (with a random salt). Again, if the user verifies that this is, indeed, the correct entry, the unix process ID and the hashed password (again, with a random salt) are echoed back to the user.

I have a user that is creating a script. He wants to "su - appid" and does not want to pass a password within the script. So I generated a hashed password using our in-house hasher script. I provided him the hashed password for appid. But, he needs to know the source of the hash so he can figure out how to properly pass it in the script. Can someone help explain or tell me what he means? Thanks
0
Comment
Question by:AIX25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
Tomunique earned 500 total points
ID: 34915827
Have you considered using sudo? Or equivalent?

we have several app users that need to start things such as websphere as root.
We don't give them the root password, or anything close to it.

Sudo prompts (or doesn't depending on your config options), for the users password to confirm it's truely them issuing the command.

For service accounts, where app owners need to log int othe account.  We avoid (if we can) giving out the password to the service account, so we can track who's actually using the ID, as well as change in job responsibilities  by an app owner, we can remove their access, without having to deal with changing service account passwords.

this would be the entry in sudoers (config file for sudo).

appownerid ALL=(root) NOPASSWD: /usr/bin/su - Service_account

They would modify their script to run as:
sudo su - service_account


0
 

Author Comment

by:AIX25
ID: 34919772
Ok great! Thanks for the feedback. I have a few more questions about SUDO...so I will go ahead and close this question and open a new one about SUDO setup.

Thanks again!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Image not there 4 76
mysql Encryption with PHP 8 119
How to boot to CD after logging into McAfee Encryption but below Windows login. 7 95
check the file dates in unix 14 77
By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question