A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

Tip of the Trade: Strong Passwords Made Easy

Tip of the Trade: Strong Passwords Made Easy

By Carla Schroder (Send Email)
Posted Aug 6, 2007


Discuss this article in the ServerWatch discussion forum

Add Linux users to your network more securely with a series of simple scripts. A script in pwgen generates a random 8-character password that can use openssl to create an MD5 hash, which the useradd command then uses to enter the new hashed password into /etc/shadow.

Adding new users to a Linux system is pretty easy, but you can still automate and save a few steps by using a simple script that incorporates standard commands. This simple script uses pwgen to generate a random 8-character password. Then it uses openssl to create an MD5 hash, which the useradd command then uses to enter the new hashed password into /etc/shadow. You don't need to use the passwd command.

#!/bin/sh
USER=$1
PASSWORD=`pwgen -cn -1`
PW_HASH=`openssl passwd -1 ${PASSWORD}`
useradd  -p ${PW_HASH} ${USER}
echo Your new user account has been created with the username \"${USER}\", and the password \"${PASSWORD}\".

Give the script a catchy name like usergen, and be sure to make it executable. The only option, and it is required, is to supply the username:

# ./usergen  fcracker
Password:
Your new user account has been created with the username "fcracker", 
		and the password "osh9ExiY".

You can easily tweak it by using the standard options for the individual commands, such as adding your users to extra groups, or assigning a non-default login shell. There are some useradd differences in the various Linux distributions. For example, on Debian, the default is to not create a home directory. On Fedora, a home directory is created by default. So Debian users must use useradd -m to create a properly populated home directory. Adding users to extra groups is the same on both Fedora and Debian: useradd -G group1,group2,group3. The groups must already exist.

Want to know what the other openssl passwd options are? See man 1ssl passwd, or make a mistake on purpose:

$ openssl passwd -fffooo
Usage: passwd [options] [passwords]
where options are
-crypt             standard Unix password algorithm (default)
-1                 MD5-based password algorithm

-apr1              MD5-based password algorithm, Apache variant
[...]

Notice that there is no automatic expiration on the password to force the user to create a new password at first login. This is because we went to the trouble of creating a strong password; that's the one the user retains.

Page 1 of 1

Thanks for your registration, follow us on our social networks to keep up-to-date