SUMMARY: Password generation

From: <Stan.Pietkiewicz_at_statcan.ca>
Date: Mon Jul 15 2002 - 13:47:42 EDT
My apologies for the delayed summary, but I felt that a summary should
include the solution...;-})
Thanks for the many hints. With suggestions from several list members, the
following script was what our resident Perl programmer came up with:

***************

#!/usr/local/bin/perl

############################################################################
#
# Automated password change with password generator, to be run by root 
#
# Name:		chpass
# Params:	user - Name of the user whose password is to be changed
# Purpose:	Generate & Encrypt a new password. Encrypt so that the 
#		password can be placed directly in the shadow file.
# Return:	The unencrypted password
#
############################################################################

$shadow = "/etc/shadow";
$user = shift;						# User to change
password

@passwd = split /:/, &genpass;				# New password
$pwd = $passwd[1];					# Encrypted password

open SHADOW, $shadow || die "Could not open shadow";

@lines = <SHADOW>;					# Read in all lines
of the shadow file
foreach $line (@lines) {
    if ($line =~ /$user:/) {				# Match for desired
user ($user)
        $line =~ s/:(\w*|\W*)+:/:$pwd:/;		# Substitute
password with new one
    }
}

close SHADOW || die "Close failed";			# Close the original
shadow file

`chmod o+w $shadow`;					# Set permissions to
read only 

open SHADOW, ">" . $shadow || "Could not open shadow";
print SHADOW @lines;					# Print array to
temp shadow file.
close SHADOW || die "Close failed";

`chmod o-w $shadow`;					# Set permissions to
read only 

print $passwd[0], "\n";

############################################################################
#
# Name:		genpass
# Params:	(none)
# Purpose:	Generates a password and encrypt it so that the passwd 
#		field can be placed directly in the shadow file.
# Return:	Returns a string with the password and the encrypted string
#		separated by a semi-colon
#
############################################################################

sub genpass {
    srand(time() ^ ($$ + ($$ << 15)) );			# Sets seed for
random number
    $secret = "";					# Will hold
generated password

    while (! ($secret =~ /\w{10}/)) {			# Loop generates 10
characters
        $roll = int(rand 255);
        $char = chr($roll);

        if ($char =~ /\w{1}/) {
            $secret = $secret . $char;
        }
    }

    $passwd = substr($secret, 2,10);			# Actual password
    $salt = $secret;					# Used in the
encryption function

    return $passwd . ":" . crypt($passwd, $salt);	# Return string
}

exit;

*****************************************

Original question:

I am looking for a way to generate a password (ideally relatively difficult
to guess) within a script to run on a Solaris 2.6 machine. Any ideas on how
this could be done?

Thanks....

Stan Pietkiewicz
Stan.Pietkiewicz@statcan.ca
Informatics Technology Services Division - Statistics Canada
It may be statistically possible that my opinion is the same
as someone else's - but it is still my opinion!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon Jul 15 14:10:41 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:49 EST