Solved

Hashed password within a shell script

Posted on 2011-02-16
2
1,274 Views
Last Modified: 2012-05-11
We have a great script at work that we use to hash passwords, here how it works:

The program prompts for a user id/proccess id, then searches the ldap directories for a corresponding id. If one is found, the cn, unixid, and "last five" are extracted. The cn is echoed back to the user for verification. If this is the desired ID, the program echoes the unixid and hashed "last five" back to the user (with a random salt). Again, if the user verifies that this is, indeed, the correct entry, the unix process ID and the hashed password (again, with a random salt) are echoed back to the user.

I have a user that is creating a script. He wants to "su - appid" and does not want to pass a password within the script. So I generated a hashed password using our in-house hasher script. I provided him the hashed password for appid. But, he needs to know the source of the hash so he can figure out how to properly pass it in the script. Can someone help explain or tell me what he means? Thanks
0
Comment
Question by:AIX25
2 Comments
 
LVL 6

Accepted Solution

by:
Tomunique earned 500 total points
ID: 34915827
Have you considered using sudo? Or equivalent?

we have several app users that need to start things such as websphere as root.
We don't give them the root password, or anything close to it.

Sudo prompts (or doesn't depending on your config options), for the users password to confirm it's truely them issuing the command.

For service accounts, where app owners need to log int othe account.  We avoid (if we can) giving out the password to the service account, so we can track who's actually using the ID, as well as change in job responsibilities  by an app owner, we can remove their access, without having to deal with changing service account passwords.

this would be the entry in sudoers (config file for sudo).

appownerid ALL=(root) NOPASSWD: /usr/bin/su - Service_account

They would modify their script to run as:
sudo su - service_account


0
 

Author Comment

by:AIX25
ID: 34919772
Ok great! Thanks for the feedback. I have a few more questions about SUDO...so I will go ahead and close this question and open a new one about SUDO setup.

Thanks again!
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question