[sf-perl] Creating an md5/pam encrypted password shadow entry

David Alban extasia at extasia.org
Wed Jan 24 11:07:29 PST 2007


Greetings,

An existing tool at work (internal use only) uses a pseudo shadow
file, in which each line is of the form:

  username:encrypted_password

Example:

  someuser:grrbqIj6N2BJ.

This file is used to authenticate users, and thus define for what they
can use the tool.  Just like a traditional unix login, the password
supplied interactively by the user is encrypted with the salt from the
pseudo shadow file and if there's a match, the user is authenticated.

This is working well, and there's no need to change it.  However, for
a new set of tools I need to generate a new pseudo shadow file whose
data cannot be reused from existing ones.  There will be tens of users
in the new file.

If our linux machines used the traditional thirteen character
/etc/shadow field for encrypted passwords, I could simply copy
usernames and their associated password fields into the new pseudo
shadow file.  But our linux boxes use the pam/md5 version of the
field.  Example (modified to protect the guilty):

   $1$IloW7woM$XipC0z1z6dd4ms6AUd8LR.

The field from which this particular example is derived is thirty four
characters in length.  If I could discover how to take a cleartext
password string and generate the pam/md5 version of it that would go
in a shadow file, then I really could seed the new shadow file from
existing /etc/shadow files.

Can someone point me to resources I might use to gain this knowledge.
I'll continue searching cpan and web searching, but I figured someone
might have done this before, and could point me in the right
direction.

Thanks,
David
-- 
Live in a world of your own, but always welcome visitors.


More information about the SanFrancisco-pm mailing list