Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Hashed password within a shell script

Posted on 2011-02-16
2
Medium Priority
?
1,292 Views
Last Modified: 2012-05-11
We have a great script at work that we use to hash passwords, here how it works:

The program prompts for a user id/proccess id, then searches the ldap directories for a corresponding id. If one is found, the cn, unixid, and "last five" are extracted. The cn is echoed back to the user for verification. If this is the desired ID, the program echoes the unixid and hashed "last five" back to the user (with a random salt). Again, if the user verifies that this is, indeed, the correct entry, the unix process ID and the hashed password (again, with a random salt) are echoed back to the user.

I have a user that is creating a script. He wants to "su - appid" and does not want to pass a password within the script. So I generated a hashed password using our in-house hasher script. I provided him the hashed password for appid. But, he needs to know the source of the hash so he can figure out how to properly pass it in the script. Can someone help explain or tell me what he means? Thanks
0
Comment
Question by:AIX25
2 Comments
 
LVL 6

Accepted Solution

by:
Tomunique earned 2000 total points
ID: 34915827
Have you considered using sudo? Or equivalent?

we have several app users that need to start things such as websphere as root.
We don't give them the root password, or anything close to it.

Sudo prompts (or doesn't depending on your config options), for the users password to confirm it's truely them issuing the command.

For service accounts, where app owners need to log int othe account.  We avoid (if we can) giving out the password to the service account, so we can track who's actually using the ID, as well as change in job responsibilities  by an app owner, we can remove their access, without having to deal with changing service account passwords.

this would be the entry in sudoers (config file for sudo).

appownerid ALL=(root) NOPASSWD: /usr/bin/su - Service_account

They would modify their script to run as:
sudo su - service_account


0
 

Author Comment

by:AIX25
ID: 34919772
Ok great! Thanks for the feedback. I have a few more questions about SUDO...so I will go ahead and close this question and open a new one about SUDO setup.

Thanks again!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month7 days, 15 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question