Friday, December 19, 2008

Unattended Password Creation Failing?

Earlier, I was asked if I had any good solutions for scripting a user account generator in bash -- asking the user what they had already, I received:

useradd -n -g users -p [password] -s /bin/false [username]

I asked what the problem seemed to be, and the response was the password didn't seem to work -- if they used 'passwd' interactively, it'd work -- but unattended, it failed.

Having a look at the useradd manual, we see:

-p -- The encrypted password, as returned by crypt(3).

After trying various combinations - I thought about OpenSSL. What if I gave it the password and got it to do the crypt work first, then fed the encrypted string to useradd?

Something like:

crypt="openssl passwd -crypt $clear"


useradd -n -g users -p $crypt -s /bin/false [username]

exit $?

Cut and Paste the above into a script and instantly you have a semi-autonomous way of adding generated (or defined) passwords to your machine, all with the help of OpenSSL.

No comments: