Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Hashed password within a shell script

Posted on 2011-02-16
2
Medium Priority
?
1,287 Views
Last Modified: 2012-05-11
We have a great script at work that we use to hash passwords, here how it works:

The program prompts for a user id/proccess id, then searches the ldap directories for a corresponding id. If one is found, the cn, unixid, and "last five" are extracted. The cn is echoed back to the user for verification. If this is the desired ID, the program echoes the unixid and hashed "last five" back to the user (with a random salt). Again, if the user verifies that this is, indeed, the correct entry, the unix process ID and the hashed password (again, with a random salt) are echoed back to the user.

I have a user that is creating a script. He wants to "su - appid" and does not want to pass a password within the script. So I generated a hashed password using our in-house hasher script. I provided him the hashed password for appid. But, he needs to know the source of the hash so he can figure out how to properly pass it in the script. Can someone help explain or tell me what he means? Thanks
0
Comment
Question by:AIX25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
Tomunique earned 2000 total points
ID: 34915827
Have you considered using sudo? Or equivalent?

we have several app users that need to start things such as websphere as root.
We don't give them the root password, or anything close to it.

Sudo prompts (or doesn't depending on your config options), for the users password to confirm it's truely them issuing the command.

For service accounts, where app owners need to log int othe account.  We avoid (if we can) giving out the password to the service account, so we can track who's actually using the ID, as well as change in job responsibilities  by an app owner, we can remove their access, without having to deal with changing service account passwords.

this would be the entry in sudoers (config file for sudo).

appownerid ALL=(root) NOPASSWD: /usr/bin/su - Service_account

They would modify their script to run as:
sudo su - service_account


0
 

Author Comment

by:AIX25
ID: 34919772
Ok great! Thanks for the feedback. I have a few more questions about SUDO...so I will go ahead and close this question and open a new one about SUDO setup.

Thanks again!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question