On 2016-02-18 11:29, Ian Lepore wrote:
On Thu, 2016-02-18 at 16:29 +0100, O. Hartmann wrote:
On Thu, 18 Feb 2016 14:52:44 +0000
RW <rwmailli...@googlemail.com> wrote:

On Thu, 18 Feb 2016 14:16:24 +0100
O. Hartmann wrote:

Hello out there,

I ran into a problem and digging for a solution didn't work out.

Problem: I need a string that reflects the hashed password for the
usage with

passwd -H 0

Did you mean -h?

no, I literally mean -H 0, I explain later ...


I think the procedure is using

sha512 -s Password

and using this output for further processing, but how?

It's not as simple as that, password hashes are usually salted and
iterated. Salting means that the password is combined with a randomly
generated string stored in plaintext, which means that the password
doesn't hash to a fixed string.

I'm not sure exactly what you are trying to do, but crypt(3) may be of
help.

I'm now down to a small C routine utilizing crypt(3). But this is not what I
intend to have, since I want to use tools from the FBSD base system.

I build images of a small appliance in a secure isolated environment via
NanoBSD. I do not want to have passwords in the clear around here, but I also
do not want to type in every time an image is created, so the idea is to have
passwords prepared as hashes in a local file/in variables. Therefore, I'm
inclined to use the option "-H 0" of the pw(1) command to provide an already
and clean hash (SHA512), which is then stored in /etc/master.passwd.

It is really funny: passwd or pw take passwords via stdin (-h 0 with pw) and
they "generate" somehow the hashed password and store that in master.passwd
- but I didn't find any way to pipe out the writing of the password to the
standard output from that piece of software. Why? Security concerns I forgot to
consider?

I found lots of articles and howtos to use pipes producing the required
password hashes via passwd, chpasswd or pw, but they all have one problem: I
have to provide somehow the cleartext password in an automated environment.

Maybe there is something missing ...

oh

We use something like this at work (which I don't fully understand, but
it works on freebsd 6.x through 10.x at least)...

  echo "${password}" | openssl passwd -1 -stdin -salt VerySalty | \
    pw -V "${IMAGE_CHROOT_DIR}/etc" useradd -n "${username}" -H0 "$@"

I guess for your use you'd capture and save the output of openssl so
you could later feed it back to pw when making images.

-- Ian

_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


`openssl passwd` only seems to support md5crypt


--
Allan Jude
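
A check an image build could run before handing a stored hash to `pw -H 0`, following the points raised in the thread (hashes are salted, SHA-512 is wanted, `openssl passwd -1` yields md5crypt). This is an added example, not code from any poster; the function names, the placeholder hash and the use of `usermod` are assumptions.

```shell
#!/bin/sh
# Added example: vet a stored crypt(3) hash before piping it to `pw -H 0`.
# Function names and the usermod call are assumptions, not from the thread.

# Constructed placeholder in SHA-512 crypt layout; not a hash of any password.
SAMPLE_HASH='$6$ExampleSalt$'"$(printf '%086d' 0)"

# Name the scheme from the modular-crypt prefix.
crypt_scheme() {
    case "$1" in
        '$1$'*) echo md5 ;;
        '$2'*)  echo blowfish ;;
        '$5$'*) echo sha256 ;;
        '$6$'*) echo sha512 ;;
        *)      echo unknown ;;
    esac
}

# Accept only $6$[rounds=N$]salt$hash with a non-empty salt (max 16 chars)
# and an 86-character hash field. A ':' or newline would corrupt the
# colon-separated master.passwd record, so both are rejected.
is_sha512_crypt() {
    case "$1" in
        *"
"*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^\$6\$(rounds=[0-9]+\$)?[^$:]{1,16}\$[./0-9A-Za-z]{86}$'
}

# usage: set_image_password <image etc dir> <user> <hash>
set_image_password() {
    if ! is_sha512_crypt "$3"; then
        echo "refusing $(crypt_scheme "$3") hash for user $2" >&2
        return 1
    fi
    printf '%s\n' "$3" | pw -V "$1" usermod -n "$2" -H 0
}
```

The build only ever sees the hash string, so the cleartext password never has to exist in the build environment.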