on Thu, Jul 22, 2004 at 11:02:11PM -0700, Karsten M. Self ([EMAIL PROTECTED]) wrote:
> on Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown ([EMAIL PROTECTED]) wrote:
> > Paul Stolp wrote:

> > I second that recommendation.  I always prefer to have passwords with 
> > the following features:
> > 
> > Minimum of 8 characters

> My own preference is the 'pwgen' and 'gpw' utilities included in Debian,
> combined with either the PalmOS "Keyring" utility or the vim "editing
> encrypted files transparently" hack documented at:

...incidentally, this reminded me that I had to do some locking down of
systems here.  I'd managed to goof a Samba config so that the, um,
trivial Linux system password I'd entered at account creation time
wasn't replaced by the Samba password.

I *knew* I had a number of accounts (several score) to fix.  But didn't
know quite which.

Installed 'john' and copied the shadow file to another system.  Found
the accounts in less than five minutes.

'chpasswd' is another slick utility.  Feed it a list of accounts and
passwords (hashed or plaintext) in the form:

    user:password

...and it will update in bulk.

To create that file, I simply ran straight from the 'john' output:

    for u in $( awk '{gsub("[()]", "", $2); print $2 }' < john.out )
    do
        echo "$u:$( pwgen 20 1 )"
    done | chpasswd

...which generates a set of 20 character random keys even I don't know.

When the users want access to that system, I'll reset their passwords...
...unless they done been misbehavin', in which case I'll have 'em guess
for a while first ;-)


Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>        http://linuxmafia.com/~karsten
    Ceterum censeo, Caldera delenda est.
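
Added example, not part of the original message: a more defensive variant of the loop above that reads the account name from the last field (so a cracked password containing spaces cannot shift it), ignores status lines and duplicates, and leaves root alone. The john output layout, the sample data, the function names and the use of /dev/urandom in place of pwgen are assumptions.

```sh
#!/bin/sh
# Constructed sample standing in for john.out (assumed layout: "password (user)").
sample_john_out() {
cat <<'EOF'
Loaded 3 password hashes with 3 different salts
abc123           (alice)
let me in        (bob)
abc123           (alice)
toor             (root)
guesses: 3  time: 0:00:00:04 100%
EOF
}

# Print each cracked account once. The name is read from the last field,
# so a password containing spaces cannot shift it; status lines never match.
cracked_users() {
    awk '$NF ~ /^\([a-z_][a-z0-9_-]*\)$/ {
             u = substr($NF, 2, length($NF) - 2)
             if (!seen[u]++) print u
         }'
}

# 20 random alphanumerics from the kernel RNG (stand-in for "pwgen 20 1").
random_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20
}

# Emit user:password lines in the form chpasswd reads.
# Skipping root is an added safeguard, not something the original loop does.
chpasswd_lines() {
    cracked_users | while read -r u; do
        case "$u" in root) continue ;; esac
        printf '%s:%s\n' "$u" "$(random_password)"
    done
}

# Dry run: show the accounts that would be reset, with the passwords masked.
# To apply for real, as root: chpasswd_lines < john.out | chpasswd
sample_john_out | chpasswd_lines | sed 's/:.*/:<20 random chars>/'
```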

