check password linux user

I am on Debian 9. I have a problem checking the password of a Linux user in my scripts. I realized that the different Linux tools for creating and modifying a user password give results with different patterns in /etc/shadow.

To create a user

pwLinux="abcdef1234"
userLinux="toto02"
pwCrypt=$(perl -e 'print crypt($ARGV[0], "zzz")' $pwLinux)
useradd -m -G adm,dip,plugdev,www-data,sudo -p $pwCrypt $userLinux

I have in /etc/shadow

toto02:zzDxrNjXuUs3U:17469:0:99999:7:::

In another script I want to check the password input by the user with

USERNAME="toto02"
PASSWD="abcdef1234"
ORIGPASS=`grep -w "$USERNAME" /etc/shadow | cut -d: -f2`
ORIGPASS=`echo $ORIGPASS | cut -d"$" -f2`

GENPASS=$(perl -e 'print crypt($ARGV[0], "zzz")' $PASSWD)
if [ "$GENPASS" == "$ORIGPASS" ]; then
   echo "Valid Password"
   exit 0
else
   echo "Invalid Password"
   exit 1
fi

It's OK. The trouble starts here: if I want to change passwords in a script I use

# username "toto02", newPwd "aabbcc"
echo "${username}:${newPwd}" | chpasswd

I cannot use passwd because everything has to be done without interactivity.

I have in /etc/shadow

toto02:$6$rLklwx9K$Brv4lvNjR.S7f8i.Lmt8.iv8pgcbKhwDgINzhT1XwCBbD7XkB98lCtwUK3/4hdylkganoLuh/eIc38PtMArgZ/:17469:0:99999:7:::

If I want to check this password I must use a different script.
First problem: how to have the same pattern of password in both cases?

I use:

#!/bin/bash

USERNAME="toto02"
PASSWD="aabbcc"
ORIGPASS=`grep -w "$USERNAME" /etc/shadow | cut -d: -f2`
export ALGO=`echo $ORIGPASS | cut -d"$" -f2`
export SALT=`echo $ORIGPASS | cut -d"$" -f3`
echo "algo: -$ALGO-"
echo "salt: -$SALT-"
echo "pwd entré: -$PASSWD-"
echo "shadow:        -$ORIGPASS-"
GENPASS="$(perl -e 'print crypt("$ENV{PSWD}","\$$ENV{ALGO}\$$ENV{SALT}\$")')"
echo "pwd généré: -$GENPASS-"

if [ "$GENPASS" == "$ORIGPASS" ]; then
   echo "Valid Password"
   exit 0
else
   echo "Invalid Password"
   exit 1
fi

Which gives:

algo: -6-
salt: -rLklwx9K-
pwd entré: -aabbcc-
shadow:        -$6$rLklwx9K$Brv4lvNjR.S7f8i.Lmt8.iv8pgcbKhwDgINzhT1XwCBbD7XkB98lCtwUK3/4hdylkganoLuh/eIc38PtMArgZ/-
pwd généré: -$6$rLklwx9K$AIX1bUMAK9bwdd2g3ST5VtXTvHlHXHxnh4Xj.fLdxjaEkAAvHeeN5islid0wtmZN5u1zWQBup./IP8IH9i6W7/-
Invalid Password

The generated chain is different! Why? How to cure it?
Thank you

Answer

Replace PSWD with PASSWD and replace PASSWD="aabbcc" with export PASSWD="aabbcc".

User contributions licensed under: CC BY-SA