[Chicago-talk] accessing NIS password

Richard Reina richard at rushlogistics.com
Tue Mar 14 06:30:48 PST 2006


No problem.  Thanks for the reply.

Jess Balint <jbalint at gmail.com> wrote:        v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);}      st1\:*{behavior:url(#default#ieooui) }           Darren:
   
  Sorry about the previous email, I was only trying to give an example of the algorithm used to generate the encoded password, not suggesting you write it in Java. With the Crypt::PasswdMD5 module, it&#8217;s very simple. You just had one thing missing. I trimmed the program down to give just what you needed, here it the example:
   
  my $plainfromuser = 'swhaga';
   
  # from getpwd()
  $passwd = '$1$XHjgqURT$QW0eZNAONaXd2XPqkxwce1';
   
  use Crypt::PasswdMD5;
   
  my $md5salt = (split(/\$/, $passwd))[2];
   
  # $1$ designates 'unix' md5 crypt
  # MD5 salt, should be the (up to) 8 chars in between $'s in the encoded passwd,
  # see Crypt::PasswdMD5 source code for details
  my $xpass = unix_md5_crypt($plainfromuser, $md5salt);
   
  print "MD5salt: $md5salt\n";
  print "passwd              " . $passwd . "\n";
  print "MD5 Crypt pass      " . $xpass . "\n";
   
  Jess
   
      
---------------------------------
  
  From: chicago-talk-bounces+jbalint=gmail.com at pm.org [mailto:chicago-talk-bounces+jbalint=gmail.com at pm.org] On Behalf Of Richard Reina
 Sent: Monday, March 13, 2006 10:19 AM
 To: lembark at wrkhors.com; chicago-talk at mail.pm.org
 Subject: Re: [Chicago-talk] accessing NIS password
  
   
  Dear Steve,
 
 Thank you very much for the reply.  The articles returned in your search highlight some of the differences between crypt, MD5 and blowfish encryption, chiefly which versions of *nix use which and how to encrypt a raw password.  I have incorporated those encryption schemes into the script below and while the results are very interesting none of them match the linux password returned by getpwnam() for the given user -- which is not the x shadow.
 
 #!/usr/bin/perl5 -w
 
 my $username = 'gerald';
 my $plainfromuser = 'swhaga';
 my $currentsalt;
 
 my ($name, $passwd, $uid, $gid, $quota, $comment,
  $gcos, $dir, $shell) = getpwnam($username);
 
 # crypt salt
 $currentsalt = substr($passwd,0,2);
 
 # 8 random chars
 my $key = "justakey";
 
 my $cpass = crypt($plainfromuser, $currentsalt);
 
 use Crypt::PasswdMD5;
 
 my $xpass = unix_md5_crypt($plainfromuser, '$1$', $currentsalt);
 
 my $ypass = crypt($plainfromuser, '$1$' . $key);
 
 use Digest::MD5 qw(md5_base64);
 
 my $zpass = $currentsalt . md5_base64("$currentsalt/$plainfromuser/$key");
 
 print "passwd              " . $passwd . "\n";
 print "Crypt pass          " . $cpass . "\n";
 print "MD5 Crypt pass      " . $xpass . "\n";
 print "Crypt pass MD5 salt " . $ypass . "\n";
 print "MD5_base64 pass     " . $zpass . "\n";
 
 ******************************************************
 results
 ******************************************************
 passwd                             $1$XHjgqURT$QW0eZNAONaXd2XPqkxwce1
 Crypt pass                        $1ayHHS8s0NWw
 MD5 Crypt pass                $1$$lCe7AyTRcjUyl7Fdn1T4g0
 Crypt pass MD5 salt          $1$justakey$uxo5dkFTrnz.u7gtyf/QQ.
 MD5_base64 pass             $14RkT9PfSsSaSoWswj/JaDg
 
 As one can see none of the encyptions match the encypted password that I myself have set up for the bogus user "gerald" on our system.  Any help would be greatly appreicated.
 
 Thank you for your attention.
 
 Richard
 
 
 
 A people that values its privileges above its principles soon loses both.
 -Dwight D. Eisenhower.
  
  _______________________________________________
Chicago-talk mailing list
Chicago-talk at pm.org
http://mail.pm.org/mailman/listinfo/chicago-talk


A people that values its privileges above its principles soon loses both.
 -Dwight D. Eisenhower.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pm.org/pipermail/chicago-talk/attachments/20060314/f311cd12/attachment-0001.html


More information about the Chicago-talk mailing list