Re: [testing] shadow drive et debian

[Gaëtan Perrier]

Le samedi 15 avril 2023 à 19:01 +0200, Haricophile a écrit :
> Le Wed, 12 Apr 2023 23:10:01 +0200,
> Gaëtan Perrier  a écrit :
> 
> > Bonjour,
> > 
> > Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma
> > debian testing.
> > Y a eu une erreur à la fin de l'installation du paquet mais ça s'est
> > installé quand même. Ensuite quand je lance l'appli shadow PC ça
> > m'ouvre une fenêtre me proposant de me logger via un navigateur. Ce
> > que je fais et là j'ai une erreur me disant "Connection failed" et me
> > disant que je n'ai pas de plan souscrit. Pourtant j'ai bien un shadow
> > drive. Est-ce quelqu'un rencontre le même soucis ou a réussi à se
> > connecter ?
> > 
> > Gaëtan
> 
> Plusieurs choses: 
> 
> - Ne pas confondre Shadow (l'ordinateur «cloud») et Shadow Drive (le
>   stockage cloud) !  Le paquet Debian n'est pas pour Shadow Drive, mais
>   pour l'ordinateur virtuel.
>   Donc avec la version appimage de Shadow DRIVE ça fonctionne très bien
>   chez moi.

Aahh !! C'est super pas clair sur la page de
téléchargement !
Maintenant ça fonctionne nickel ! :)

Merci beaucoup !

A+

Gaëtan





signature.asc
Description: This is a digitally signed message part

Re: [testing] shadow drive et debian

[Haricophile]

Le Wed, 12 Apr 2023 23:10:01 +0200,
Gaëtan Perrier  a écrit :

> Bonjour,
> 
> Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma
> debian testing.
> Y a eu une erreur à la fin de l'installation du paquet mais ça s'est
> installé quand même. Ensuite quand je lance l'appli shadow PC ça
> m'ouvre une fenêtre me proposant de me logger via un navigateur. Ce
> que je fais et là j'ai une erreur me disant "Connection failed" et me
> disant que je n'ai pas de plan souscrit. Pourtant j'ai bien un shadow
> drive. Est-ce quelqu'un rencontre le même soucis ou a réussi à se
> connecter ?
> 
> Gaëtan

Plusieurs choses: 

- Ne pas confondre Shadow (l'ordinateur «cloud») et Shadow Drive (le
  stockage cloud) !  Le paquet Debian n'est pas pour Shadow Drive, mais
  pour l'ordinateur virtuel.
  Donc avec la version appimage de Shadow DRIVE ça fonctionne très bien
  chez moi.

- Si tu as des problème de connexion avec Firefox, essaye avec un
  profil vierge ou essaye avec Chromium. Je n'ai pas analysé finement,
  mais les container de Firefox ou des extensions peuvent
  éventuellement bloquer la procédure d'identification.

- Pour conserver le mot de passe sans ouvrir systématiquement le
  navigateur, ça fonctionne avec kwallet lancé, mais pas avec le truc
  de gnome, ou en tout cas pas out-of-box.

En dehors de ça j'utilise Shadow Drive de manière très satisfaisante,
ça marche autrement mieux que ce foutu Hubic !

Re: [testing] shadow drive et debian

[didier gaumet]

Je ne vais pas pouvoir être précis, ju n'utilise pas shadow et je n'ai
pas de souscription non plus

Il y a ici une liste de messages d'erreurs:
https://support.shadow.tech/hc/fr/articles/4763938067356-Codes-et-messages-d-erreur

Et particulièrement les L102/L104 qui pourraient s'appliquer:
https://support.shadow.tech/hc/fr/articles/360023594573-L-102-L-104-Le-launcher-n-a-pas-r%C3%A9ussi-%C3%A0-se-connecter-%C3%A0-Shadow

(info pas forcément utile pour toi) Au cas où tu voudrais passer par
d'autres clients que le clientb Shadow pour accéder à ton compte, on
peut y accéder par WebDav
https://support.shadow.tech/hc/fr/articles/6822936446364-Comment-connecter-un-logiciel-tiers-%C3%A0-Shadow-Drive-en-utilisant-le-protocole-WebDAV
-

sino ils ont un support, je pense que tu peux y faire appel, surout si
tu paies un abonnement ;-)
https://support.shadow.tech/hc/fr/categories/360001379574-Contacter-le-support

Re: [testing] shadow drive et debian

[Gaëtan Perrier]

Le jeudi 13 avril 2023 à 12:17 +0200, didier gaumet a écrit :
> Le mercredi 12 avril 2023 à 23:10 +0200, Gaëtan Perrier a écrit :
> > Bonjour,
> > 
> > Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma
> > debian
> > testing.
> > Y a eu une erreur à la fin de l'installation du paquet mais ça s'est
> > installé
> > quand même. Ensuite quand je lance l'appli shadow PC ça m'ouvre une
> > fenêtre me
> > proposant de me logger via un navigateur. Ce que je fais et là j'ai
> > une erreur
> > me disant "Connection failed" et me disant que je n'ai pas de plan
> > souscrit.
> > Pourtant j'ai bien un shadow drive.
> > Est-ce quelqu'un rencontre le même soucis ou a réussi à se connecter
> > ?
> > 
> > Gaëtan
> 
> Bonjour,
> 
> tu as installé le paquet par dpkg ou apt (apt me semble préférable
> parce qu'il installe les dépendances)? quel était le message d'erreur?
> à la milite, purge et réinstalle pour avoir le message d'erreur parce
> que par définition, si il y a un message d'erreur, ça peut être un
> problème...
> (mais bon j'en sais rien, je ne connais pas Shadow (la société derrière
> et l'outil), j'ai juste lu que l'outil est basé sur Nextcloud)  
> 

J'ai purgé et réinstallé mais plus d'erreur mais ça ne fonctionne pas mieux
pour autant ...
Sinon shadow c'est le remplaçant de Hubic et c'est OVH derrière.

A+

Gaëtan


signature.asc
Description: This is a digitally signed message part

Re: [testing] shadow drive et debian

[didier gaumet]

Le mercredi 12 avril 2023 à 23:10 +0200, Gaëtan Perrier a écrit :
> Bonjour,
> 
> Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma
> debian
> testing.
> Y a eu une erreur à la fin de l'installation du paquet mais ça s'est
> installé
> quand même. Ensuite quand je lance l'appli shadow PC ça m'ouvre une
> fenêtre me
> proposant de me logger via un navigateur. Ce que je fais et là j'ai
> une erreur
> me disant "Connection failed" et me disant que je n'ai pas de plan
> souscrit.
> Pourtant j'ai bien un shadow drive.
> Est-ce quelqu'un rencontre le même soucis ou a réussi à se connecter
> ?
> 
> Gaëtan

Bonjour,

tu as installé le paquet par dpkg ou apt (apt me semble préférable
parce qu'il installe les dépendances)? quel était le message d'erreur?
à la milite, purge et réinstalle pour avoir le message d'erreur parce
que par définition, si il y a un message d'erreur, ça peut être un
problème...
(mais bon j'en sais rien, je ne connais pas Shadow (la société derrière
et l'outil), j'ai juste lu que l'outil est basé sur Nextcloud)  

Re: [testing] shadow drive et debian

[Gaëtan Perrier]

Le jeudi 13 avril 2023 à 00:42 +0200, Bernard Schoenacker a écrit :
> 
> 
> - Mail original -
> De: "Gaëtan Perrier" 
> À: "liste.debian" 
> Envoyé: Mercredi 12 Avril 2023 23:10:01
> Objet: [testing] shadow drive et debian
> 
> Bonjour,
> 
> Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma debian
> testing.
> Y a eu une erreur à la fin de l'installation du paquet mais ça s'est installé
> quand même. Ensuite quand je lance l'appli shadow PC ça m'ouvre une fenêtre
> me
> proposant de me logger via un navigateur. Ce que je fais et là j'ai une
> erreur
> me disant "Connection failed" et me disant que je n'ai pas de plan souscrit.
> Pourtant j'ai bien un shadow drive.
> Est-ce quelqu'un rencontre le même soucis ou a réussi à se connecter ?
> 
> Gaëtan
> 
> Bonjour,
> 
> Merci de bien vouloir relire ce didacticiel et d'indiquer si possible
> les endroits qui posent un problème :
> 
> https://support.shadow.tech/hc/fr/articles/360008252593-Installation-de-l-application-Shadow-sur-Ubuntu-et-ajout-du-support-Wayland
> 
> paquet à installer et qui sont prérequis :
> 
> sudo apt install -y  libva-glx2 libvdpau1 libva-drm2 libcurl4 libva-wayland2
> 
> Etape 3 : Ajoutez à "L'input group"
> 
> sudo usermod -a -G input $USER
> 
> Etape 1 : Activer le module "input"
> 
> echo "uinput" > /etc/modules-load.d/uinput.conf
> 
> Etape 2 : Donner la permission à Shadow d'utiliser le module "input"
> 
> echo -e ' KERNEL=="uinput", MODE="0660", GROUP="shadow-input" '>>
> /etc/udev/rules.d/65-shadow-client.rules
> 
> 
> Etape 3 : Ajouter l'utilisateur au groupe shadow-input
> 
> usermod -a -G shadow-input $USER
> 
> Merci
> 
> @+
> 
> Bernard
> 
> 

Salut,

Mon problème est bien après tout ça, comme indiqué dans mon premier message,
c'est lors de la connexion qu'il y a problème.

Gaëtan


signature.asc
Description: This is a digitally signed message part

Re: [testing] shadow drive et debian

[Gaëtan Perrier]

Le mercredi 12 avril 2023 à 23:10 +0200, Gaëtan Perrier a écrit :
> Bonjour,
> 
> Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma debian
> testing.
> Y a eu une erreur à la fin de l'installation du paquet mais ça s'est installé
> quand même. Ensuite quand je lance l'appli shadow PC ça m'ouvre une fenêtre
> me
> proposant de me logger via un navigateur. Ce que je fais et là j'ai une
> erreur
> me disant "Connection failed" et me disant que je n'ai pas de plan souscrit.
> Pourtant j'ai bien un shadow drive.
> Est-ce quelqu'un rencontre le même soucis ou a réussi à se connecter ?
> 
> Gaëtan

Info supplémentaire, si je lance shadow-prod en CLI j'ai ces erreurs:
libva error: vaGetDriverNameByIndex() failed with unknown libva error,
river_name = (null)
[84551:0413/011431.194972:ERROR:nss_util.cc(286)] After loading Root Certs,
loaded==false: NSS error code: -8018

Mais je ne sais pas si c'est lié au problème.

Gaëtan


signature.asc
Description: This is a digitally signed message part

Re: [testing] shadow drive et debian

[Bernard Schoenacker]

- Mail original -
De: "Gaëtan Perrier" 
À: "liste.debian" 
Envoyé: Mercredi 12 Avril 2023 23:10:01
Objet: [testing] shadow drive et debian

Bonjour,

Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma debian
testing.
Y a eu une erreur à la fin de l'installation du paquet mais ça s'est installé
quand même. Ensuite quand je lance l'appli shadow PC ça m'ouvre une fenêtre me
proposant de me logger via un navigateur. Ce que je fais et là j'ai une erreur
me disant "Connection failed" et me disant que je n'ai pas de plan souscrit.
Pourtant j'ai bien un shadow drive.
Est-ce quelqu'un rencontre le même soucis ou a réussi à se connecter ?

Gaëtan

Bonjour,

Merci de bien vouloir relire ce didacticiel et d'indiquer si possible
les endroits qui posent un problème :

https://support.shadow.tech/hc/fr/articles/360008252593-Installation-de-l-application-Shadow-sur-Ubuntu-et-ajout-du-support-Wayland

paquet à installer et qui sont prérequis :

sudo apt install -y  libva-glx2 libvdpau1 libva-drm2 libcurl4 libva-wayland2

Etape 3 : Ajoutez à "L'input group"

sudo usermod -a -G input $USER

Etape 1 : Activer le module "input"

echo "uinput" > /etc/modules-load.d/uinput.conf

Etape 2 : Donner la permission à Shadow d'utiliser le module "input"

echo -e ' KERNEL=="uinput", MODE="0660", GROUP="shadow-input" '>> 
/etc/udev/rules.d/65-shadow-client.rules


Etape 3 : Ajouter l'utilisateur au groupe shadow-input

usermod -a -G shadow-input $USER

Merci

@+

Bernard

[testing] shadow drive et debian

[Gaëtan Perrier]

Bonjour,

Je viens d'essayer d'installer le paquet deb shadow 8.0.10059 sur ma debian
testing.
Y a eu une erreur à la fin de l'installation du paquet mais ça s'est installé
quand même. Ensuite quand je lance l'appli shadow PC ça m'ouvre une fenêtre me
proposant de me logger via un navigateur. Ce que je fais et là j'ai une erreur
me disant "Connection failed" et me disant que je n'ai pas de plan souscrit.
Pourtant j'ai bien un shadow drive.
Est-ce quelqu'un rencontre le même soucis ou a réussi à se connecter ?

Gaëtan


signature.asc
Description: This is a digitally signed message part

Re: shadow drive

[jafiv]

Le 21/08/2022 à 12:55, Belaïd a écrit :

Bonjour,

Vu leur partenariat avec nextcloud, je penses que la fonctionnalité 
que tu cherche sera bien au rendez vous (Je n'imagine pas trop 
l'utilité d'une solution de stockage dans le cloud sans cette 
fonctionnalité)



Le dim. 21 août 2022 à 11:11, jafiv  a écrit :

Bonjour à tous,

Avant sa fermeture annoncée, j'utilisais mon compte HUBIC pour
sauvegarder un dossier  important. Le compte HUBIC est monté dans mon
arborescence comme bien expliqué par ce lien:
https://www.elysiria.fr/blog/configurer-hubic-en-tant-que-disque-distant/

Est-il possible de disposer des mêmes fonctionnalités avec Shadow
Drive?


Merci pour cette réponse encourageante.

Re: shadow drive

[Belaïd]

Bonjour,

Vu leur partenariat avec nextcloud, je penses que la fonctionnalité que tu
cherche sera bien au rendez vous (Je n'imagine pas trop l'utilité d'une
solution de stockage dans le cloud sans cette fonctionnalité)


Le dim. 21 août 2022 à 11:11, jafiv  a écrit :

> Bonjour à tous,
>
> Avant sa fermeture annoncée, j'utilisais mon compte HUBIC pour
> sauvegarder un dossier  important. Le compte HUBIC est monté dans mon
> arborescence comme bien expliqué par ce lien:
> https://www.elysiria.fr/blog/configurer-hubic-en-tant-que-disque-distant/
>
> Est-il possible de disposer des mêmes fonctionnalités avec Shadow Drive?
>
>

shadow drive

[jafiv]

Bonjour à tous,

Avant sa fermeture annoncée, j'utilisais mon compte HUBIC pour 
sauvegarder un dossier  important. Le compte HUBIC est monté dans mon 
arborescence comme bien expliqué par ce lien: 
https://www.elysiria.fr/blog/configurer-hubic-en-tant-que-disque-distant/


Est-il possible de disposer des mêmes fonctionnalités avec Shadow Drive?

Re: password hash in shadow file

[Charlie Gibbs]

On 13/03/18 09:47 AM, to...@tuxteam.de wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote:

Adam Weremczuk <ad...@matrixscience.com> wrote:


I think it was me invoking "passwd" as root and aborting (ctrl+D)
without making any changes.  Would that be enough to update the shadow
file?


No.

You can't reverse a hash and to generate a new hash the code needs the
password for the user in plain.


Well, to be fair, the change to SHA-1 is because you can "reverse"
MD5 all too easily (where reverse just means that you find something
which hashes to a given hash, which hasn't to resemble your original
password all too much). Usually you want this something to have
some properties to be useful.

But I don't think your operating system is going to do that behind
your back ;-)


Not if it's Linux, anyway...

--
cgi...@surfnaked.ca (Charlie Gibbs)

Re: password hash in shadow file

[Richard Hector]

On 14/03/18 09:20, to...@tuxteam.de wrote:
> On Tue, Mar 13, 2018 at 07:36:19PM +0100, Sven Hartge wrote:
> 
>> But on that note: I wonder of one could create a PAM module which will
>> do just that on successful login. Once you *know* you have the right
>> password (and the PAM system has that knowledge including the plain text
>> password the user entered) just rehash it and update /etc/shadow.
> 
>> This will gradually upgrade all hashes once a user uses an account.
> 
> That would be downright sneaky :-)

That's quite common for web apps, isn't it? Not with PAM though, presumably.

Richard




signature.asc
Description: OpenPGP digital signature

Re: password hash in shadow file

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Mar 13, 2018 at 07:36:19PM +0100, Sven Hartge wrote:
> to...@tuxteam.de wrote:

[...]

> > Well, to be fair, the change to SHA-1 is because you can "reverse" MD5
> > all too easily 
> 
> Yes, basically.
> 
> > But I don't think your operating system is going to do that behind
> > your back ;-)
> 
> It would be quite obvious when just starting "passwd" takes several days
> while it cracks your MD5 hash to replace it with a stronger one ;)

And possibly eat through a disk or two (or are rainbow tables
superfluous with current GPUs? I don't know).

All that to choose quite probably a *different* password which happens
to hash to the same MD5. Login no more possible, but now secure :)

> But on that note: I wonder of one could create a PAM module which will
> do just that on successful login. Once you *know* you have the right
> password (and the PAM system has that knowledge including the plain text
> password the user entered) just rehash it and update /etc/shadow.
> 
> This will gradually upgrade all hashes once a user uses an account.

That would be downright sneaky :-)

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlqoMoMACgkQBcgs9XrR2kb5/ACfQEmIaxjx3bVzcA60VHbqI/UD
RbIAnifsG3fys+yUrfGLZ8PojwkZBwG1
=Xy4V
-END PGP SIGNATURE-

Re: password hash in shadow file

[Sven Hartge]

to...@tuxteam.de wrote:
> On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote:
>> Adam Weremczuk <ad...@matrixscience.com> wrote:

>>> I think it was me invoking "passwd" as root and aborting (ctrl+D)
>>> without making any changes.  Would that be enough to update the
>>> shadow file?
 
>> No.
>> 
>> You can't reverse a hash and to generate a new hash the code needs
>> the password for the user in plain. 

> Well, to be fair, the change to SHA-1 is because you can "reverse" MD5
> all too easily 

Yes, basically.

> But I don't think your operating system is going to do that behind
> your back ;-)

It would be quite obvious when just starting "passwd" takes several days
while it cracks your MD5 hash to replace it with a stronger one ;)

But on that note: I wonder of one could create a PAM module which will
do just that on successful login. Once you *know* you have the right
password (and the PAM system has that knowledge including the plain text
password the user entered) just rehash it and update /etc/shadow.

This will gradually upgrade all hashes once a user uses an account.

S°

-- 
Sigmentation fault. Core dumped.

Re: password hash in shadow file

[David Wright]

On Tue 13 Mar 2018 at 15:18:35 (+), Adam Weremczuk wrote:
> Hi all,
> 
> I've just spotted that on one of my old wheezy servers root entry in
> /etc/shadow was updated just over 3 weeks ago.

Take a look at the end of a file and see if a new user/system account
has been added recently when you installed a package.
Examples: clamav logcheck avahi ntop and even debian-security-support.

If that doesn't turn up anything, just scan for the highest number
in the 3rd field. Then type (where 16933 is your number):

$ date -d "1970-01-01 +16933 days"
Thu May 12 00:00:00 CDT 2016
$

and that ought to match the last-modified timestamp.

(That example is for debian-security-support going onto one of my
wheezy systems.)

> The root password is still the same and the lastchanged count is
> much higher than 3 weeks.
> 
> The difference I've noticed is the hashed password string being much longer.
> 
> It's now prefixed with $6$ (SHA-512 algorithm) comparing with $1$
> (MD5) before the change.

Should we assume that you have evidence of the root entry with an MD5
indication but the same number in the 3rd entry as you have now?

> My first suspect was a security patch but the system was not updated
> around that time.
> 
> Has anybody seen this before and could explain?

No. Lacking a backup of shadow with an MD5 indication, all I can say
is that the same process must have been carried out here on all my
systems, and whatever that process was, it happened before 12 Sep 2016.
Doesn't seem likely.

That's the last time this backup wheezy system was booted up, and
shadow shows
file last modification 21 April 2014
birth of root password  3 April 2014
shadow root entry: root:$6$…:16163:0:9:7:::
shadow last entry: apt-cacher-ng:*:16182:0:9:7:::

Cheers,
David.

Re: password hash in shadow file

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote:
> Adam Weremczuk <ad...@matrixscience.com> wrote:
> 
> > I think it was me invoking "passwd" as root and aborting (ctrl+D)
> > without making any changes.  Would that be enough to update the shadow
> > file?
> 
> No.
> 
> You can't reverse a hash and to generate a new hash the code needs the
> password for the user in plain. 

Well, to be fair, the change to SHA-1 is because you can "reverse"
MD5 all too easily (where reverse just means that you find something
which hashes to a given hash, which hasn't to resemble your original
password all too much). Usually you want this something to have
some properties to be useful.

But I don't think your operating system is going to do that behind
your back ;-)

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlqoALIACgkQBcgs9XrR2kYGwwCfR0bt4g4nomrycYho2rA23L6d
BlUAn2c3RW8xuj751aC6LxJt+0T9udPT
=SGi/
-END PGP SIGNATURE-

Re: password hash in shadow file

[Adam Weremczuk]

Quite possibly I changed it to the same password.
Not sure now as it was almost a month ago but can't find any better 
explanation.

Of course hashes are meant to be irreversible.
I guess I'm trying to catch my own shadow ;)


On 13/03/18 16:19, to...@tuxteam.de wrote:

Still strange. Are you sure that you stopped "passwd" early enough?
Had you entered the password already? Twice?

Re: password hash in shadow file

[Sven Hartge]

Adam Weremczuk <ad...@matrixscience.com> wrote:

> I think it was me invoking "passwd" as root and aborting (ctrl+D)
> without making any changes.  Would that be enough to update the shadow
> file?

No.

You can't reverse a hash and to generate a new hash the code needs the
password for the user in plain. 

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: password hash in shadow file

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Mar 13, 2018 at 04:01:52PM +, Adam Weremczuk wrote:
> I think it was me invoking "passwd" as root and aborting (ctrl+D)
> without making any changes.
> Would that be enough to update the shadow file?

Hm. That depends on which point you invoked abort at, but naively
I'd say "no". Note that the system doesn't "know" your password,
only its hash -- so if it succeeded in storing the SHA-1 of your
password (you say it didn't change, did you?) without you telling
it, then it would have to crack your MD5 password hash.

Still strange. Are you sure that you stopped "passwd" early enough?
Had you entered the password already? Twice?

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlqn+f4ACgkQBcgs9XrR2kYu2ACePqhJ8m5QgIqwleJBpHFPo0Ng
x6sAnRpH4q2J9UqbT7aypggmxFLaIhjH
=qwpf
-END PGP SIGNATURE-

Re: password hash in shadow file

[Adam Weremczuk]

I think it was me invoking "passwd" as root and aborting (ctrl+D) 
without making any changes.

Would that be enough to update the shadow file?


On 13/03/18 15:47, to...@tuxteam.de wrote:

What I don't understand is how the system changed the hashing
method without getting you involved. You don't remember having
had to enter the root password?

That would be strange.

Cheers

Re: password hash in shadow file

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Mar 13, 2018 at 03:18:35PM +, Adam Weremczuk wrote:
> Hi all,
> 
> I've just spotted that on one of my old wheezy servers root entry in
> /etc/shadow was updated just over 3 weeks ago.
> 
> The root password is still the same and the lastchanged count is
> much higher than 3 weeks.
> 
> The difference I've noticed is the hashed password string being much longer.
> 
> It's now prefixed with $6$ (SHA-512 algorithm) comparing with $1$
> (MD5) before the change.

Of course, moving off MD5 makes some sense. It's not burning a hole
in your system's security in this case [1], but MD5 is a bit old these
days.

> My first suspect was a security patch but the system was not updated
> around that time.
> 
> Has anybody seen this before and could explain?

What I don't understand is how the system changed the hashing
method without getting you involved. You don't remember having
had to enter the root password?

That would be strange.

Cheers

[1] /etc/shadow isn't world-readable, so if you have someone
on your system capable of reading it, you're already in hot
water; and if you have copies of /etc/shadow around there,
well... you encrypt your system backups, do you?

The only credible threat model remaining is that someone(TM)
accesses your hard disk "from the side", e.g. booting a rescue
system or taking to the screwdriver.

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlqn8p4ACgkQBcgs9XrR2kb5DgCfSBtg2Ew8O/eHhXKV4iMEit5e
8esAniqGwtu0lYjdRGUSlAhnTwgM08Q/
=rLBv
-END PGP SIGNATURE-

password hash in shadow file

[Adam Weremczuk]

Hi all,

I've just spotted that on one of my old wheezy servers root entry in 
/etc/shadow was updated just over 3 weeks ago.


The root password is still the same and the lastchanged count is much 
higher than 3 weeks.


The difference I've noticed is the hashed password string being much longer.

It's now prefixed with $6$ (SHA-512 algorithm) comparing with $1$ (MD5) 
before the change.


My first suspect was a security patch but the system was not updated 
around that time.


Has anybody seen this before and could explain?

Thanks
Adam

Re: shadow spam (was Re: stop your mail)

[Joel Rees]

On Sun, Jul 9, 2017 at 7:53 PM, Thomas Schmitt  wrote:
> Hi,
>
[...]
>
> Joel Rees wrote:
>> (1) These messages may be a sort of generator for phishing targets.
>
> You mean that those who hit the "Smack Sender" button of their mail
> app show up as flotsam here and can be harvested without reveiling
> the harvester's mail address ?
> (This theory would imply that the reflector senders are real people
>  or their watchdog apps.)
>
> Eek. That would mean we would really have to take measures to not
> let appear most of the messages in subscriber mailboxes and archive.
> If we let this continue then we create a commercial incentive to
> flood us.

Of course, if the hypothetical "they" are looking for a commercially viable
way to harvest addresses from this list and are doing this, they've missed
something much more obvious.

And?

>> they might be setting up a noise
>> background against which to send steganographically encoded messages.
>
> That's a good one.
> We are testing ground for a novel low-bandwidth method to control
> bot nets or remote spies.

Not likely a testing ground.

> Ten hops over iPads, Galaxies, or WinPhones would be nearly as
> effective in hiding the sender as a Tor onion would be.
>
>
> Have a nice day :)
>
> Thomas
>

Did I say something about onions?

-- 
Joel Rees

One of these days I'll get someone to pay me
to design a language that combines the best of Forth and C.
Then I'll be able to leap wide instruction sets with a single #ifdef,
run faster than a speeding infinite loop with a #define,
and stop all integer size bugs with my bare cast.
http://defining-computers.blogspot.com/2017/06/reinventing-computers.html

More of my delusions:
http://reiisi.blogspot.com/2017/05/do-not-pay-modern-danegeld-ransomware.html
http://reiisi.blogspot.jp/p/novels-i-am-writing.html

Re: shadow spam (was Re: stop your mail)

[Fungi4All]

> From: scdbac...@gmx.net
> To: debian-user@lists.debian.org
>> this conversation has gone viral itself.
> It is technically interesting to see what people think how stupid we
> are. I wonder if there is any other purpose than to make me wonder ?

Politically, the motive may be by some who will need the ground to push
an agenda. First you document a threat, you allow a crisis, then play the
card of the protector. Like an antivirus agency spreading a virus. So I
would be really cautious of any who would volunteer as moderators or
those who would promote a forum, like debian.uk is, where they have
to get copies of birth certificates 3 generations back to allow a member.

> Have a nice day :)
> Thomas

Have a great night
(AK)

Re: shadow spam (was Re: stop your mail)

[Thomas Schmitt]

Hi,

Fungi4All wrote:
> I remember 2 months ago I had received a response from what appeared
> as a list member responding to some spam that was sent by me to the list.

The first thing i checked on the current spam was that it is really
distributed by the list and not sent to me directly.
"Received:" headers like this one can be trusted if no other such headers
were added by my provider gmx.net:

  Received: from bendel.debian.org ([82.195.75.100]) by mx-ha.gmx.net
(mxgmx016 [212.227.15.9]) [...] for ;
Sun, 09 Jul 2017 11:51:20 +0200

(Of course anybody could add such a header to the mail when it gets
 sent. But then gmx.net would still add its own "Received:" header,)


> this conversation has gone viral itself.

It is technically interesting to see what people think how stupid we
are. I wonder if there is any other purpose than to make me wonder ?

Maybe it's Happy Recursion Week ? GNU is Not Unix !
Or it's a Fnord, meant to trigger a sleeping brain worm.


Joel Rees wrote:
> (1) These messages may be a sort of generator for phishing targets.

You mean that those who hit the "Smack Sender" button of their mail
app show up as flotsam here and can be harvested without reveiling
the harvester's mail address ?
(This theory would imply that the reflector senders are real people
 or their watchdog apps.)

Eek. That would mean we would really have to take measures to not
let appear most of the messages in subscriber mailboxes and archive.
If we let this continue then we create a commercial incentive to
flood us.


> they might be setting up a noise
> background against which to send steganographically encoded messages.

That's a good one.
We are testing ground for a novel low-bandwidth method to control
bot nets or remote spies.
Ten hops over iPads, Galaxies, or WinPhones would be nearly as
effective in hiding the sender as a Tor onion would be.


Have a nice day :)

Thomas

shadow spam (was Re: stop your mail)

[Joel Rees]

Can I suggest two possibilities not apparently being considered?

(1) These messages may be a sort of generator for phishing targets.
(This is not currently a likely scenario, but you want to consider it.)

(2) These might be either the body of a message sent by a spatter
steganography technique, or they might be setting up a noise
background against which to send steganographically encoded
messages.

I'd suggest a third, which is true tin-foil-hat stuff, but you who are into
conspiracy theories can work that out yourselves.

Whenever I see a sudden rise in odd-looking spam, I tend to
assume something like the second possibility.

https://en.wikipedia.org/wiki/Steganography

-- 
Joel Rees

One of these days I'll get someone to pay me
to design a language that combines the best of Forth and C.
Then I'll be able to leap wide instruction sets with a single #ifdef,
run faster than a speeding infinite loop with a #define,
and stop all integer size bugs with my bare cast.
http://defining-computers.blogspot.com/2017/06/reinventing-computers.html

More of my delusions:
http://reiisi.blogspot.com/2017/05/do-not-pay-modern-danegeld-ransomware.html
http://reiisi.blogspot.jp/p/novels-i-am-writing.html

Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

[Henrique de Moraes Holschuh]

On Tue, 28 May 2013, Andreas Meile wrote:
 I tried that out on a lab system where I replaced pam_unix.so into
 pam_unix2.so inside both common-auth and common-password config
 files.
 
 Result: The system nows recognizes all $2a$ (Blowfish) password
 hashes but does not longer accepts $6$ (SHA-512) password now.

Use both at the same time to check credentials, and only pam_unix to change
credentials (to migrate to sha-512 over time).  But be very careful on how
you stack them, or you will create a nasty security hole.

I strongly suggest you do a very through reading of the PAM documentation
before you attempt this.

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130531011850.ga32...@khazad-dum.debian.net

Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

[Andreas Meile]

Hello Recoverym4n

Thanks for your hint.

- Original Message - 
From: recovery...@gmail.com

To: debian-user@lists.debian.org
Sent: Monday, May 27, 2013 7:40 PM
Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3 to 
Debian Wheezy)




Install 'libpam-unix2' package. Configure PAM as outlined
in /usr/share/doc/libpam-unix2/README.Debian. It is that simple.


I tried that out on a lab system where I replaced pam_unix.so into 
pam_unix2.so inside both common-auth and common-password config files.


Result: The system nows recognizes all $2a$ (Blowfish) password hashes but 
does not longer accepts $6$ (SHA-512) password now.


In the meantime, I migrated several user accounts to $6$ (SHA-512) hashes 
using passwd to setting new passwords so there's a $6$/$2a$ mixture in 
/etc/shadow now.


So what I actually need is a way that $6$ hashes are ok for any created new 
user account as well as invoked passwd command (=setting passwords always 
as $6$) but the authentication must accept both $2a$ and $6$, i.e. must be 
able to deal with a mixed /etc/shadow database. So existing user still can 
login with their $2a$ Blowfish hash while all my new users use a $6$ SHA-512 
hash. So I think a configuration rule to use pam_unix.so and pam_unix2.so 
simultaneously will help.


Andreas
--
Teste die PC-Sicherheit mit www.sec-check.net 




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/edb958b5aba84ba1aa76af5a278e9...@meilebiz.loc

/etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

[Andreas Meile]

Hello Debian users

I recently migrated an old SuSE Linux 9.3 box to Debian 7 Wheezy. There I
backuped the /etc/shadow file to import the existing passwords from my users
to the new Debian environment using a vipw -s command as part of the
migration.

Result: Classic UNIX hashes (format [0-9A-Za-z]{13}) still work but those
hashs beginning with $2a$10$ don't. When resetting the user's password using
passwd as root, the new hashes begin with $6$.

Questions:
- Is there a good overview WWW link about all these
$Version$[Subversion?$] formats?
- Is there a special Debian package or system configuration parameter where
I can enable using older hash formats (but passwd still can set changes
into the new $6$ format) or is setting a new password to every affected user
the only way?

Thanks in advance.

  Andreas
--
Teste die PC-Sicherheit mit www.sec-check.net 




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/e77a0727989c4fc1946f0dc9e59ab...@meilebiz.loc

Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

[Chris Davies]

Andreas Meile mailingli...@andreas-meile.ch asked about /etc/shadow:
 Is there a good overview WWW link about all these
 $Version$[Subversion?$] formats?

man shadow says of the encrypted password field, Refer to crypt(3)
for details on how this string is interpreted.

man 3 crypt contains a NOTES section that identifies the ID and describes
its format. Specifically, $6$salt$encrypted is SHA-512.

Chris


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/ul1c7ax19h@news.roaima.co.uk

Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

[Andreas Meile]

Hello Chris

- Original Message - 
From: Chris Davies ch...@roaima.co.uk

To: debian-user@lists.debian.org
Sent: Monday, May 27, 2013 2:54 PM
Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3 to 
Debian Wheezy)




man 3 crypt contains a NOTES section that identifies the ID and describes
its format. Specifically, $6$salt$encrypted is SHA-512.


Thanks for the hint. Already done:


 ID  | Method
 -
 1   | MD5
 2a  | Blowfish (not in mainline glibc; added in some
 | Linux distributions)
 5   | SHA-256 (since glibc 2.7)
 6   | SHA-512 (since glibc 2.7)


So this lights out the situation: While SuSE 9.3 used Blowfish as extended 
password encryption method, Debian Wheezy uses SHA-512 for that. A short 
view inside older Linux boxes: Squeeze also uses SHA-512, and Lenny uses MD5 
according this table.


A apt-cache search blowfish shows me a lot of Blowfish related packages. 
So is there one on it which extends the login authentication routine also to 
process Blowfish hashes in /etc/shadow or is that a much more complicate 
procedure (compiling a new kernel for example)?


Andreas
--
Teste die PC-Sicherheit mit www.sec-check.net 




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/f1a5ebde1a764a27949818853efe8...@meilebiz.loc

Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

[Alex Mestiashvili]

On 05/27/2013 04:23 PM, Andreas Meile wrote:
 Hello Chris
 
 - Original Message - From: Chris Davies ch...@roaima.co.uk
 To: debian-user@lists.debian.org
 Sent: Monday, May 27, 2013 2:54 PM
 Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3
 to Debian Wheezy)
 
 
 man 3 crypt contains a NOTES section that identifies the ID and describes
 its format. Specifically, $6$salt$encrypted is SHA-512.
 
 Thanks for the hint. Already done:
 
  ID  | Method
  -
  1   | MD5
  2a  | Blowfish (not in mainline glibc; added in some
  | Linux distributions)
  5   | SHA-256 (since glibc 2.7)
  6   | SHA-512 (since glibc 2.7)
 
 So this lights out the situation: While SuSE 9.3 used Blowfish as
 extended password encryption method, Debian Wheezy uses SHA-512 for
 that. A short view inside older Linux boxes: Squeeze also uses SHA-512,
 and Lenny uses MD5 according this table.
 
 A apt-cache search blowfish shows me a lot of Blowfish related
 packages. So is there one on it which extends the login authentication
 routine also to process Blowfish hashes in /etc/shadow or is that a much
 more complicate procedure (compiling a new kernel for example)?
 
 Andreas

Hi Andreas,

I think man login.defs will bring some light on the problem.

Regards,
Alex


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a377f3.8030...@biotec.tu-dresden.de

Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

[recoverym4n]

On Mon, 27 May 2013 16:23:20 +0200
Andreas Meile mailingli...@andreas-meile.ch wrote:

 A apt-cache search blowfish shows me a lot of Blowfish related packages. 
 So is there one on it which extends the login authentication routine also to 
 process Blowfish hashes in /etc/shadow or is that a much more complicate 
 procedure (compiling a new kernel for example)?

 Hi.

Install 'libpam-unix2' package. Configure PAM as outlined
in /usr/share/doc/libpam-unix2/README.Debian. It is that simple.


PS Did you ever considered using a real e-mail client?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130527214000.fb529b7f01f0bc8ccbe26...@gmail.com

Re: Permissões de acesso a arquivos shadow com e sem sudo

[Dane]

Olá, as permissões padrões mudam de distro para distro.

No Debian o padrão é 640 mesmo, o sudo não altera permissões destes 
arquivos, não tem ligação com a constatação que você fez.


Abraço.


Em 14-03-2013 11:49, jacinto minhas pernas escreveu:


Amigos,

Estou estudando para o exame LPIC 102 e nos estudos descobri que as 
permissões de acesso aos arquivos shadow é, por padrão, 400.


Quando fui verificar em minha máquina, percebi que os referidos 
arquivos estavam com a permissão 640, sendo o grupo shadow.


Eis a dúvida: Esta mudança de permissões se deve ao fato de o sudo 
estar instalado? (supús que talvez fosse o único utilitário que 
precisasse acessar as senhas shadow)


Abraços

-- To UNSUBSCRIBE, email to 
debian-user-portuguese-requ...@lists.debian.org with a subject of 
unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: 
http://lists.debian.org/1644785024.2433233.1363272592180.javamail.tomc...@ibriss06.dlan.cinetic.de


--
Att. Dane Brand
Atua Sistemas de Informação
Skype: dane.atua
Msn: d...@atua.com.br
ICQ : 126258686
Fone: (54) 3045-4144
Celular: (54) 9673-8919
Linux User #548369
LPIC 3 - CORE


--
To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5141e4df.2050...@atua.com.br

Re: Permissões de acesso a arquivos shadow com e sem sudo

[Dane]

Foi o que eu lhe expliquei,

O sudo não tem motivo para alterar o /etc/shadow, sendo assim ele não 
altera a permissão.


No Debian a permissão padrão é 640 é não 400 como você está dizendo.

Veja um exemplo de uma máquina sem do sudo instalado.

root@debian:~# dpkg -l |grep sudo
root@debian:~# stat -c %a /etc/shadow
640

A permissão não tem haver com o sudo, e sim o padrão do SO.


Em 14-03-2013 12:35, jacinto minhas pernas escreveu:


Dane,

Eu sei o conceito de permissões padrão, mas a questão não é essa.

A permissão de um arquivo shadow é 400, ou seja, somente leitura 
para o root e ninguém mais. Do contrário, não haveria sentido na 
existência dele.


O que eu percebi é que em todos os sistemas que opero que possuem o 
sudo instalado, a permissão do /etc/shadow é 640, sendo o root o 
proprietário e com o grupo shadow.


Eu só queria confirmar se esta mudança nas permissões é feita mesmo 
pelo sudo, ou por outro utilitário.


Abraços


At 14 Mar 2013 14:55:27 + (UTC) de Dane d...@atua.com.br:

Olá, as permissões padrões mudam de distro para distro.

No Debian o padrão é 640 mesmo, o sudo não altera permissões destes
arquivos, não tem ligação com a constatação que você fez.

Abraço.


Em 14-03-2013 11:49, jacinto minhas pernas escreveu:

 Amigos,

 Estou estudando para o exame LPIC 102 e nos estudos descobri que as
 permissões de acesso aos arquivos shadow é, por padrão, 400.

 Quando fui verificar em minha máquina, percebi que os referidos
 arquivos estavam com a permissão 640, sendo o grupo shadow.

 Eis a dúvida: Esta mudança de permissões se deve ao fato de o sudo
 estar instalado? (supús que talvez fosse o único utilitário que
 precisasse acessar as senhas shadow)

 Abraços

 -- To UNSUBSCRIBE, email to
 debian-user-portuguese-requ...@lists.debian.org with a subject of
 unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:


http://lists.debian.org/1644785024.2433233.1363272592180.javamail.tomc...@ibriss06.dlan.cinetic.de

-- 
Att. Dane Brand

Atua Sistemas de Informação
Skype: dane.atua
Msn: d...@atua.com.br
ICQ : 126258686
Fone: (54) 3045-4144
Celular: (54) 9673-8919
Linux User #548369
LPIC 3 - CORE


-- 
To UNSUBSCRIBE, email to

debian-user-portuguese-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
listmas...@lists.debian.org
Archive: http://lists.debian.org/5141e4df.2050...@atua.com.br

-- To UNSUBSCRIBE, email to 
debian-user-portuguese-requ...@lists.debian.org with a subject of 
unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: 
http://lists.debian.org/1365768639.2439231.1363275349668.javamail.tomc...@ibriss06.dlan.cinetic.de


--
Att. Dane Brand
Atua Sistemas de Informação
Skype: dane.atua
Msn: d...@atua.com.br
ICQ : 126258686
Fone: (54) 3045-4144
Celular: (54) 9673-8919
Linux User #548369
LPIC 3 - CORE

Re: Permissões de acesso a arquivos shadow com e sem sudo

[Dane]

Que bom cara, espero ter te ajudado em algo.

Tem bastante coisas na LPI, que confundem usuários do Debian, pq ele 
acaba fazendo de uma forma diferente ou facilitando algumas coisas, e 
isto não ocorre nas outras distros.



Em 14-03-2013 13:42, jacinto minhas pernas escreveu:


Dane,

Agora entendi sua explicação.

Eu tinha achado que o sudo tivesse alguma coisa a ver, uma vez que, 
quando usado, ele faz uso das senhas shadow.


Obrigado

Abraços



At 14 Mar 2013 15:59:53 + (UTC) de Dane d...@atua.com.br:

Foi o que eu lhe expliquei,

O sudo não tem motivo para alterar o /etc/shadow, sendo assim ele
não altera a permissão.

No Debian a permissão padrão é 640 é não 400 como você está dizendo.

Veja um exemplo de uma máquina sem do sudo instalado.

root@debian:~# dpkg -l |grep sudo
root@debian:~# stat -c %a /etc/shadow
640

A permissão não tem haver com o sudo, e sim o padrão do SO.


Em 14-03-2013 12:35, jacinto minhas pernas escreveu:

Dane,

Eu sei o conceito de permissões padrão, mas a questão não é essa.

A permissão de um arquivo shadow é 400, ou seja, somente
leitura para o root e ninguém mais. Do contrário, não haveria
sentido na existência dele.

O que eu percebi é que em todos os sistemas que opero que
possuem o sudo instalado, a permissão do /etc/shadow é 640,
sendo o root o proprietário e com o grupo shadow.

Eu só queria confirmar se esta mudança nas permissões é feita
mesmo pelo sudo, ou por outro utilitário.

Abraços


At 14 Mar 2013 14:55:27 + (UTC) de Dane d...@atua.com.br:

Olá, as permissões padrões mudam de distro para distro.

No Debian o padrão é 640 mesmo, o sudo não altera
permissões destes
arquivos, não tem ligação com a constatação que você fez.

Abraço.


Em 14-03-2013 11:49, jacinto minhas pernas escreveu:

 Amigos,

 Estou estudando para o exame LPIC 102 e nos estudos
descobri que as
 permissões de acesso aos arquivos shadow é, por
padrão, 400.

 Quando fui verificar em minha máquina, percebi que os
referidos
 arquivos estavam com a permissão 640, sendo o grupo
shadow.

 Eis a dúvida: Esta mudança de permissões se deve ao fato
de o sudo
 estar instalado? (supús que talvez fosse o único
utilitário que
 precisasse acessar as senhas shadow)

 Abraços

 -- To UNSUBSCRIBE, email to
 debian-user-portuguese-requ...@lists.debian.org with a
subject of
 unsubscribe. Trouble? Contact
listmas...@lists.debian.org Archive:


http://lists.debian.org/1644785024.2433233.1363272592180.javamail.tomc...@ibriss06.dlan.cinetic.de

-- 
Att. Dane Brand

Atua Sistemas de Informação
Skype: dane.atua
Msn: d...@atua.com.br
ICQ : 126258686
Fone: (54) 3045-4144
Celular: (54) 9673-8919
Linux User #548369
LPIC 3 - CORE


-- 
To UNSUBSCRIBE, email to

debian-user-portuguese-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
listmas...@lists.debian.org
Archive: http://lists.debian.org/5141e4df.2050...@atua.com.br

-- To UNSUBSCRIBE, email to
debian-user-portuguese-requ...@lists.debian.org with a subject
of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:

http://lists.debian.org/1365768639.2439231.1363275349668.javamail.tomc...@ibriss06.dlan.cinetic.de


-- 
Att. Dane Brand

Atua Sistemas de Informação
Skype: dane.atua
Msn:d...@atua.com.br
ICQ : 126258686
Fone: (54) 3045-4144
Celular: (54) 9673-8919
Linux User #548369
LPIC 3 - CORE



--
Att. Dane Brand
Atua Sistemas de Informação
Skype: dane.atua
Msn: d...@atua.com.br
ICQ : 126258686
Fone: (54) 3045-4144
Celular: (54) 9673-8919
Linux User #548369
LPIC 3 - CORE

Re: Permissões de acesso a arquivos shadow com e sem sudo

[Francisco Aparecido da Silva]

O conceito do sudo é super user do, ou seja faça como root. Sendo assim, 
sudo herda permissões root;


att
On 14/03/13 at 12:59pm, Dane wrote:
 Date: Thu, 14 Mar 2013 12:59:53 -0300
 From: Dane d...@atua.com.br
 To: debian-user-portuguese@lists.debian.org
 Subject: Re: Permissões de acesso a arquivos shadow com e sem sudo
 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130311
  Thunderbird/17.0.4
 
 Foi o que eu lhe expliquei,
 
 O sudo não tem motivo para alterar o /etc/shadow, sendo assim ele não
 altera a permissão.
 
 No Debian a permissão padrão é 640 é não 400 como você está dizendo.
 
 Veja um exemplo de uma máquina sem do sudo instalado.
 
 root@debian:~# dpkg -l |grep sudo
 root@debian:~# stat -c %a /etc/shadow
 640
 
 A permissão não tem haver com o sudo, e sim o padrão do SO.
 
 
 Em 14-03-2013 12:35, jacinto minhas pernas escreveu:
 
 Dane,
 
 Eu sei o conceito de permissões padrão, mas a questão não é essa.
 
 A permissão de um arquivo shadow é 400, ou seja, somente leitura
 para o root e ninguém mais. Do contrário, não haveria sentido na
 existência dele.
 
 O que eu percebi é que em todos os sistemas que opero que possuem o
 sudo instalado, a permissão do /etc/shadow é 640, sendo o root o
 proprietário e com o grupo shadow.
 
 Eu só queria confirmar se esta mudança nas permissões é feita mesmo
 pelo sudo, ou por outro utilitário.
 
 Abraços
 
 
 At 14 Mar 2013 14:55:27 + (UTC) de Dane d...@atua.com.br:
 
 Olá, as permissões padrões mudam de distro para distro.
 
 No Debian o padrão é 640 mesmo, o sudo não altera permissões destes
 arquivos, não tem ligação com a constatação que você fez.
 
 Abraço.
 
 
 Em 14-03-2013 11:49, jacinto minhas pernas escreveu:
 
  Amigos,
 
  Estou estudando para o exame LPIC 102 e nos estudos descobri que as
  permissões de acesso aos arquivos shadow é, por padrão, 400.
 
  Quando fui verificar em minha máquina, percebi que os referidos
  arquivos estavam com a permissão 640, sendo o grupo shadow.
 
  Eis a dúvida: Esta mudança de permissões se deve ao fato de o sudo
  estar instalado? (supús que talvez fosse o único utilitário que
  precisasse acessar as senhas shadow)
 
  Abraços
 
  -- To UNSUBSCRIBE, email to
  debian-user-portuguese-requ...@lists.debian.org with a subject of
  unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive:
 
 
  http://lists.debian.org/1644785024.2433233.1363272592180.javamail.tomc...@ibriss06.dlan.cinetic.de
 
 -- Att. Dane Brand
 Atua Sistemas de Informação
 Skype: dane.atua
 Msn: d...@atua.com.br
 ICQ : 126258686
 Fone: (54) 3045-4144
 Celular: (54) 9673-8919
 Linux User #548369
 LPIC 3 - CORE
 
 
 -- To UNSUBSCRIBE, email to
 debian-user-portuguese-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
 listmas...@lists.debian.org
 Archive: http://lists.debian.org/5141e4df.2050...@atua.com.br
 
 -- To UNSUBSCRIBE, email to
 debian-user-portuguese-requ...@lists.debian.org with a subject of
 unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: 
 http://lists.debian.org/1365768639.2439231.1363275349668.javamail.tomc...@ibriss06.dlan.cinetic.de
 
 -- 
 Att. Dane Brand
 Atua Sistemas de Informação
 Skype: dane.atua
 Msn: d...@atua.com.br
 ICQ : 126258686
 Fone: (54) 3045-4144
 Celular: (54) 9673-8919
 Linux User #548369
 LPIC 3 - CORE
 

-- 
Francisco Aparecido da Silva (fafanet)
--
   Blog: http://blog.silva.eti.br
   http://www.twitter.com/fafanete
   http://www.identi.ca/fafanet
GNU/Linux user:239412 GPG ID:01BC73D6
--


signature.asc
Description: Digital signature

Re: /etc/shadow

[337]

Manuel Diego escribió:
 Exacto, desencriptar es imposible, por mas que haya gente que diga lo
 contrario.

 Lo que si se puede hacer es averiguar a fuerza bruta el contenido de
 la cadena. Con esto quiero decir que jamas se encontrará el reverso
 del algoritmo.

 El 02-09-2009, a las 21:17, Luis Lezcano Airaldi escribió:

 El mié, 02-09-2009 a las 19:42 -0400, joanman...@elecgtm.une.cu
 mailto:joanman...@elecgtm.une.cu
 escribió:
 Saludos listeros escribo por que quiciera saber si hay algun
 software que
 me permita desencriptar los password que bienen en fichero /etc/shadow .
 Gracias por atencion prestada

 No se pueden desencriptar.
 ;)
Te puede ayudar el programa john the ripper o crack son los
programas por excelencia para descifrar las contraseñas de /etc/shadow.
El método que usan es por fuerza bruta, a grandes rasgos lo que hacen es
que por medio de un diccionario que tu le proporcionas, va cifrando cada
palabra y la compara con la contraseña a descifrar, hasta encontrarar
una cadena similar.

Hasta pronto...


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: /etc/shadow

[Manuel Diego]

Exacto, desencriptar es imposible, por mas que haya gente que diga lo  
contrario.


Lo que si se puede hacer es averiguar a fuerza bruta el contenido de  
la cadena. Con esto quiero decir que jamas se encontrará el reverso  
del algoritmo.


El 02-09-2009, a las 21:17, Luis Lezcano Airaldi escribió:


El mié, 02-09-2009 a las 19:42 -0400, joanman...@elecgtm.une.cu
escribió:
Saludos listeros escribo por que quiciera saber si hay algun  
software que
me permita desencriptar los password que bienen en fichero /etc/ 
shadow .

Gracias por atencion prestada


No se pueden desencriptar.
;)


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org





Manuel Diego Paillafil Gamboa
man...@radiohead.cl
Móvil: 06 - 801 60 24

/etc/shadow

[joanmanuel]

Saludos listeros escribo por que quiciera saber si hay algun software que
me permita desencriptar los password que bienen en fichero /etc/shadow .
Gracias por atencion prestada


--
Administrador de Red
Empresa Eléctrica Guantánamo
Phone: (0121) 327452
Phone: (0121) 323512 Ext. 213
Jabber: joanman...@jb.elecgtm.une.cu
Jabber: joanman...@jb.une.cu
Jabber: joanmanuel1...@gmail.com
Debian GNU/Linux User# 490001
Web: http://blog-admin.elecgtm.une.cu
--


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: /etc/shadow

[Mauro Lizaur]

2009-09-02, joanman...@elecgtm.une.cu:

 Saludos listeros escribo por que quiciera saber si hay algun software que
 me permita desencriptar los password que bienen en fichero /etc/shadow .
 Gracias por atencion prestada
 

respuesta corta: john the ripper y tiempo libre

Saludos,
Mauro

--
JID: lavaram...@jabber.org | http://lizaur.github.com/
2B82 A38D 1BA5 847A A74D 6C34 6AB7 9ED6 C8FD F9C1


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: /etc/shadow

[Luis Lezcano Airaldi]

El mié, 02-09-2009 a las 19:42 -0400, joanman...@elecgtm.une.cu
escribió:
 Saludos listeros escribo por que quiciera saber si hay algun software que
 me permita desencriptar los password que bienen en fichero /etc/shadow .
 Gracias por atencion prestada

No se pueden desencriptar.
;)


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Error opening /etc/shadow for reading

[Goran Dobosevic]

Hi,
I'm new to linux and have Debian Lenny for 3 month. Today when i was 
open kde user manager so i can add my self to fuse group I got this 
massages:

Error opening /etc/shadow for reading.
kde user manager was open without root pasword
edit my accaunt-add to fuse group-ok
Can't create backup file for /etc/passwd
Cannot open file /etc/group.bak for writing.
Can't create backup file for /etc/group

Before that I was try to add  my external hd to mount point.
cp /etc/fstab /etc/fstab.bak
pico  /etc/fstab
/dev/sda5   /mnt/external ntfs-3g
user,locale=en_US.utf8   0   0

rm /etc/fstab.bak

Can anybody help me?

Thanks in advance,
Goran.

--
Goran Dobosevic
www.dobosevic.com


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Error opening /etc/shadow for reading

[Andrei Popescu]

On Wed,29.Oct.08, 07:15:12, Goran Dobosevic wrote:
 Hi,
 I'm new to linux and have Debian Lenny for 3 month. Today when i was open 
 kde user manager so i can add my self to fuse group I got this massages:
 Error opening /etc/shadow for reading.
 kde user manager was open without root pasword
 edit my accaunt-add to fuse group-ok
 Can't create backup file for /etc/passwd
 Cannot open file /etc/group.bak for writing.
 Can't create backup file for /etc/group

Have you been prompted for the root password when you started the user 
manager? What are the permissions of /etc/shadow ?

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


signature.asc
Description: Digital signature

Re: Error opening /etc/shadow for reading

[Goran Dobosevic]

Andrei Popescu wrote:

On Wed,29.Oct.08, 07:15:12, Goran Dobosevic wrote:
  

Hi,
I'm new to linux and have Debian Lenny for 3 month. Today when i was open 
kde user manager so i can add my self to fuse group I got this massages:

Error opening /etc/shadow for reading.
kde user manager was open without root pasword
edit my accaunt-add to fuse group-ok
Can't create backup file for /etc/passwd
Cannot open file /etc/group.bak for writing.
Can't create backup file for /etc/group



Have you been prompted for the root password when you started the user 
manager? What are the permissions of /etc/shadow ?
  

no, before few days yes.
permissions of  /etc/shadow are defolt i don't know how to changed them :-)

Regards,
Andrei
  

Thanks for helping,
Goran

--
Goran Dobosevic
www.dobosevic.com


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Error opening /etc/shadow for reading

[Andrei Popescu]

On Wed,29.Oct.08, 09:51:43, Goran Dobosevic wrote:
   
 no, before few days yes.

Somebody who knows KDE might help here.

 permissions of  /etc/shadow are defolt i don't know how to changed them :-)

Just to make sure everything is as it should be. Please show the output 
of 'ls -l /etc/shadow'.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


signature.asc
Description: Digital signature

Re: Error opening /etc/shadow for reading

[Goran Dobosevic]

Andrei Popescu wrote:

On Wed,29.Oct.08, 09:51:43, Goran Dobosevic wrote:
   
  

no, before few days yes.



Somebody who knows KDE might help here.

  

permissions of  /etc/shadow are defolt i don't know how to changed them :-)



Just to make sure everything is as it should be. Please show the output 
of 'ls -l /etc/shadow'.


Regards,
Andrei
  

Here it is:
~# ls -l /etc/shadow
-rw-r- 1 root shadow 850 2008-10-24 13:31 /etc/shadow

Regards,
Goran.

--
Goran Dobosevic
www.dobosevic.com


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Error opening /etc/shadow for reading

[Emanoil Kotsev]

Goran Dobosevic wrote:

 
 
 Andrei Popescu wrote:
 On Wed,29.Oct.08, 09:51:43, Goran Dobosevic wrote:

   
 no, before few days yes.
 

 Somebody who knows KDE might help here.

   
 permissions of  /etc/shadow are defolt i don't know how to changed them
 :-)
 

 Just to make sure everything is as it should be. Please show the output
 of 'ls -l /etc/shadow'.

 Regards,
 Andrei
   
 Here it is:
 ~# ls -l /etc/shadow
 -rw-r- 1 root shadow 850 2008-10-24 13:31 /etc/shadow
 
 Regards,
 Goran.
 

you shouldn't edit /etc/shadow at your own

if you need to edit a file owned by root under kde use kdesudo in the
konsole

kdesudo kedit /etc/shadow

/etc/shadow should be manipulated with the passwd utilities

in kde control centre you have user management, this should do the job for
you

regards


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Error opening /etc/shadow for reading

[Andrei Popescu]

On Wed,29.Oct.08, 10:15:28, Goran Dobosevic wrote:

 Andrei Popescu wrote:
 On Wed,29.Oct.08, 09:51:43, Goran Dobosevic wrote:
  
 no, before few days yes.
 
 Somebody who knows KDE might help here.

Thinking about it, you could try starting kuser from a terminal and see 
if you get any error messages.

 Just to make sure everything is as it should be. Please show the 
 output of 'ls -l /etc/shadow'.
   
 Here it is:
 ~# ls -l /etc/shadow
 -rw-r- 1 root shadow 850 2008-10-24 13:31 /etc/shadow

That looks ok.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


signature.asc
Description: Digital signature

Re: Shadow...

[Renato S. Yamane]

David Pedro Willemann escreveu:
 Possuo o SUSE 10.0 instalado como um servidor de email e estou fazendo a
 migração para um Debian Etch.

O Etch será substituido pelo Lenny dentro de uns 30 dias, no máximo.

 A senhas dos usuários no arquivo Shadow no
 SUSE estão com a codifição Blowfish.
 Pelo que verifiquei o DEBIAN trabalha com a codificação de senhas com MD5.

É só fazer o Debian utilizar blowfish também.
http://ludoa.wordpress.com/2007/04/02/moving-from-md5-to-blowfish-on-debianubuntu

Att,
Renato


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Shadow...

[David Pedro Willemann]

Senhores,

Possuo o SUSE 10.0 instalado como um servidor de email e estou fazendo  
a migração para um Debian Etch. A senhas dos usuários no arquivo  
Shadow no SUSE estão com a codifição Blowfish.

Pelo que verifiquei o DEBIAN trabalha com a codificação de senhas com MD5.
Criei todos os usuarios no debian so que na hora de trazer o as senhas  
do shadow com a codificação Blowfish do SUSE não loga no Debian.

Alguem teria uma luz para resolver este problema que estou tendo ?
Como posso fazer a migração das senhas do SUSE(blowfish) para o DEBIAN  
Etch(MD5) ou como faço para mudar o tipo de codifição do arquivo  
shadow do DEBIAN ?

Alguma dica sobre o q pesquisar ?

Obrigado e aguardo retorno.

David Pedro Willemann
Administrador de Redes - Labmetro
(48) 99197836
(48) 32480982
(48) 36470220


Quoting Rodrigo [EMAIL PROTECTED]:




This message was sent using IMP, the Internet Messaging Program.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Calcular paramertros de contraseña Timestamp /etc/shadow

[andres sarmiento]

Estimados:
Tengo una duda acerca de como calcular algunos parámetros relacionados
con las contraseñas del  archivo /etc/shadow.
He buscado documentación y no he encontrado la manera de calcular
manualmente dichos parámetros para sistemas linux.
A continuación adjunto lo que he encontrado:

ejemplo:

cuenta-test:$1$DORWlFmM$4yhE.0olwWtHxFN5o/AR7.:13969:0:60:9:::
 1   2
  34  5   6 7 8

1.  User name : It is your login name
2.  Password: It your encrypted password. The password should be
minimum 6-8 characters long including special characters/digits
3.  Last password change (lastchanged): Days since Jan 1, 1970 that
password was last changed
4.  Minimum: The minimum number of days required between password
changes i.e. the number of days left before the user is allowed to
change his/her password
5.  Maximum: The maximum number of days the password is valid (after
that user is forced to change his/her password)
6.  Warn : The number of days before password is to expire that user is
warned that his/her password must be changed
7.  Inactive : The number of days after password expires that account is 
disabled
8.  Expire : days since Jan 1, 1970 that account is disabled i.e. an
absolute date specifying when the login may no longer be used

Me gustaría poder calcular manualmente desde el punto 3 hacia adelante.

He probado con el comando $chage -l nombre_usuario y me entrega
dicha información procesada para 1 usuario, pero necesito poder
calcularla manualmente para muchos usuarios.
También he probado con el comando $date -d @timestamp y me arroja
algunos minutos algunas horas pero siempre en 1/1/1970.

Bueno amigos gracias por leer.

Saludos Cordiales


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Calcular paramertros de contraseña Timestamp /etc/shadow

[andres sarmiento]

El día 9 de julio de 2008 11:19, Abraham Pérez [EMAIL PROTECTED] escribió:
 2008/7/9, andres sarmiento [EMAIL PROTECTED]:

 Estimados:
 Tengo una duda acerca de como calcular algunos parámetros relacionados
 con las contraseñas del  archivo /etc/shadow.
 He buscado documentación y no he encontrado la manera de calcular
 manualmente dichos parámetros para sistemas linux.
 A continuación adjunto lo que he encontrado:

 ejemplo:

 cuenta-test:$1$DORWlFmM$4yhE.0olwWtHxFN5o/AR7.:13969:0:60:9:::
  1   2
   34  5   6 7 8

 1.  User name : It is your login name
 2.  Password: It your encrypted password. The password should be
 minimum 6-8 characters long including special characters/digits
 3.  Last password change (lastchanged): Days since Jan 1, 1970 that
 password was last changed
 4.  Minimum: The minimum number of days required between password
 changes i.e. the number of days left before the user is allowed to
 change his/her password
 5.  Maximum: The maximum number of days the password is valid (after
 that user is forced to change his/her password)
 6.  Warn : The number of days before password is to expire that user
 is
 warned that his/her password must be changed
 7.  Inactive : The number of days after password expires that account
 is disabled
 8.  Expire : days since Jan 1, 1970 that account is disabled i.e. an
 absolute date specifying when the login may no longer be used

 Me gustaría poder calcular manualmente desde el punto 3 hacia adelante.

 He probado con el comando $chage -l nombre_usuario y me entrega
 dicha información procesada para 1 usuario, pero necesito poder
 calcularla manualmente para muchos usuarios.
 También he probado con el comando $date -d @timestamp y me arroja
 algunos minutos algunas horas pero siempre en 1/1/1970.

 Bueno amigos gracias por leer.

 Saludos Cordiales



 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact
 [EMAIL PROTECTED]


 Mis disculpas por adelantado, pero no termino de entender qué es lo que
 necesitas.


Veo que el formato se corrió, mil disculpas:

Lo que necesito es poder calcular desde el punto 3 (13969 desde string
de shadow), es decir cuando fue la última vez que la password se
cambió, cuando expira, cuando se bloquea, etc.
Gracias por el interes.
Saludos cordiales


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Calcular paramertros de contraseña Timestamp /etc/shadow

[mariodebian]

El mié, 09-07-2008 a las 11:29 -0400, andres sarmiento escribió:
 El día 9 de julio de 2008 11:19, Abraham Pérez [EMAIL PROTECTED] escribió:
  2008/7/9, andres sarmiento [EMAIL PROTECTED]:
 
  Estimados:
  Tengo una duda acerca de como calcular algunos parámetros relacionados
  con las contraseñas del  archivo /etc/shadow.
  He buscado documentación y no he encontrado la manera de calcular
  manualmente dichos parámetros para sistemas linux.
  A continuación adjunto lo que he encontrado:
 
  ejemplo:
 
  cuenta-test:$1$DORWlFmM$4yhE.0olwWtHxFN5o/AR7.:13969:0:60:9:::
   1   2
34  5   6 7 8
 
  1.  User name : It is your login name
  2.  Password: It your encrypted password. The password should be
  minimum 6-8 characters long including special characters/digits
  3.  Last password change (lastchanged): Days since Jan 1, 1970 that
  password was last changed
  4.  Minimum: The minimum number of days required between password
  changes i.e. the number of days left before the user is allowed to
  change his/her password
  5.  Maximum: The maximum number of days the password is valid (after
  that user is forced to change his/her password)
  6.  Warn : The number of days before password is to expire that user
  is
  warned that his/her password must be changed
  7.  Inactive : The number of days after password expires that account
  is disabled
  8.  Expire : days since Jan 1, 1970 that account is disabled i.e. an
  absolute date specifying when the login may no longer be used
 
  Me gustaría poder calcular manualmente desde el punto 3 hacia adelante.
 
  He probado con el comando $chage -l nombre_usuario y me entrega
  dicha información procesada para 1 usuario, pero necesito poder
  calcularla manualmente para muchos usuarios.
  También he probado con el comando $date -d @timestamp y me arroja
  algunos minutos algunas horas pero siempre en 1/1/1970.
 
  Bueno amigos gracias por leer.
 
  Saludos Cordiales
 


Tirando un poco de python:


#!/usr/bin/env python
# -*- coding: UTF-8 -*-

import time
import sys


try:
f=open('/etc/shadow','r')
data=f.readlines()
f.close()
except:
print Can't read /etc/shadow, exec by root, please!!
sys.exit(1)

for line in data:
user=line.strip().split(':')
#print user
if user[1] == '*' or user[1] == '!':
#print User %s locked or with no pass%user[0]
continue
print User %s change passwd at '%s' \
  %(user[0], time.ctime(int(user[2])*60*60*24)  )

###

el último print te calcula la fecha (no los días) en la que la
contraseña se cambió...

sólo tienes que cambiar user[2] (lo que sería tu campo 3) para leer y
hacer operaciones con el resto de campos.

Saludos
-- 
http://soleup.eup.uva.es/mariodebian


signature.asc
Description: Esta parte del mensaje está firmada	digitalmente

Re: Calcular paramertros de contraseña Timestamp /etc/shadow

[Manolo Díaz]

El Wed, 9 Jul 2008 11:29:26 -0400
andres sarmiento [EMAIL PROTECTED] escribió:

 El día 9 de julio de 2008 11:19, Abraham Pérez [EMAIL PROTECTED]
 escribió:
  2008/7/9, andres sarmiento [EMAIL PROTECTED]:
 
  Estimados:
  Tengo una duda acerca de como calcular algunos parámetros
  relacionados con las contraseñas del  archivo /etc/shadow.
  He buscado documentación y no he encontrado la manera de calcular
  manualmente dichos parámetros para sistemas linux.
  A continuación adjunto lo que he encontrado:
 
  ejemplo:
 
  cuenta-test:$1$DORWlFmM$4yhE.0olwWtHxFN5o/AR7.:13969:0:60:9:::
   1   2
34  5   6 7 8
 
  1.  User name : It is your login name
  2.  Password: It your encrypted password. The password should
  be minimum 6-8 characters long including special characters/digits
  3.  Last password change (lastchanged): Days since Jan 1, 1970
  that password was last changed
  4.  Minimum: The minimum number of days required between
  password changes i.e. the number of days left before the user is
  allowed to change his/her password
  5.  Maximum: The maximum number of days the password is valid
  (after that user is forced to change his/her password)
  6.  Warn : The number of days before password is to expire
  that user is
  warned that his/her password must be changed
  7.  Inactive : The number of days after password expires that
  account is disabled
  8.  Expire : days since Jan 1, 1970 that account is disabled
  i.e. an absolute date specifying when the login may no longer be
  used
 
  Me gustaría poder calcular manualmente desde el punto 3 hacia
  adelante.
 
  He probado con el comando $chage -l nombre_usuario y me entrega
  dicha información procesada para 1 usuario, pero necesito poder
  calcularla manualmente para muchos usuarios.
  También he probado con el comando $date -d @timestamp y me arroja
  algunos minutos algunas horas pero siempre en 1/1/1970.
 
  Bueno amigos gracias por leer.
 
  Saludos Cordiales
 
 
 
  --
  To UNSUBSCRIBE, email to
  [EMAIL PROTECTED] with a subject of
  unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 
 
  Mis disculpas por adelantado, pero no termino de entender qué es lo
  que necesitas.
 
 
 Veo que el formato se corrió, mil disculpas:
 
 Lo que necesito es poder calcular desde el punto 3 (13969 desde string
 de shadow), es decir cuando fue la última vez que la password se
 cambió, cuando expira, cuando se bloquea, etc.
 Gracias por el interes.
 Saludos cordiales
 
 

Ese es el número de días que han pasado entre el 1 de enero de 1970
y la fecha en que cambiaste por última vez la contraseña.

1. Conviértelo a segundos
13969 días = 1206921600 s

2. usa date
~$ date -d @1206921600
lun mar 31 02:00:00 CEST 2008

y resulta que esa contraseña fue cambiada por última vez el 31 de
marzo de 2008.

Saludos.
-- 
Manolo Díaz


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: permission of shadow file and upgrade the kernel

[ann kok]

Hi Doug

Thank you

But I saw most of linux are using 600
why is debian using 640?

for the upgrade, could you give me more information?
eg: steps to upgrade

thank you




--- Douglas Allan Tutty [EMAIL PROTECTED] wrote:

 On Mon, Apr 09, 2007 at 12:47:23PM -0700, ann kok
 wrote:
  Hi all
  
  why the permission of the shadow file in debian is
  640?
  and 
  how can I upgrade the kernel?
  eg: 686 kernel
 
 1.What do you think the permissions of shadow
 should be?  The only
 user who needs to read /etc/shadow is root, that is
 the whole point of
 having shadow passwords.
 
 2.Assuming you're running etch, just install the
 linux-image meta
 package for your arch, it will always depend on the
 most recent version.
 
 Doug.
 
 
 -- 
 To UNSUBSCRIBE, email to
 [EMAIL PROTECTED] 
 with a subject of unsubscribe. Trouble? Contact
 [EMAIL PROTECTED]
 
 



 

The fish are biting. 
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: permission of shadow file and upgrade the kernel

[Douglas Allan Tutty]

On Tue, Apr 10, 2007 at 05:52:19AM -0700, ann kok wrote:
 --- Douglas Allan Tutty [EMAIL PROTECTED] wrote:
  On Mon, Apr 09, 2007 at 12:47:23PM -0700, ann kok
  wrote:
   
   why the permission of the shadow file in debian is
   640?
   and 
   how can I upgrade the kernel?
   eg: 686 kernel
  
  1.  What do you think the permissions of shadow
  should be?  The only
  user who needs to read /etc/shadow is root, that is
  the whole point of
  having shadow passwords.
  
  2.  Assuming you're running etch, just install the
  linux-image meta
  package for your arch, it will always depend on the
  most recent version.
  
 But I saw most of linux are using 600
 why is debian using 640?
 
 for the upgrade, could you give me more information?
 eg: steps to upgrade
 

Re shadow:
I think the best answer you've already received is that scripts that
need to read shadow only (no write) don't need to run UID root but only
GID root.  It then makes more sense (more secure) to give shadow
group-root read permissions.

Re the kernel.  Need more information.  At what state is your box
currently and to what state would you like it?  Are you currenly running
sarge and want to upgrade to etch?  What kernel are you currently
running?

Have you read the Etch release notes?

For each flavour of kernel, there exists what is called a meta-package
who's job it is to depend on the most recent version of that flavour.
As new versions become available, the kernel will show up as an
upgradeable package in aptitude.  Of course, kernel upgrades are the
ones to be most careful with.

Doug.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

permission of shadow file and upgrade the kernel

[ann kok]

Hi all

why the permission of the shadow file in debian is
640?
and 
how can I upgrade the kernel?
eg: 686 kernel

Thank you



 

Don't get soaked.  Take a quick peek at the forecast
with the Yahoo! Search weather shortcut.
http://tools.search.yahoo.com/shortcuts/#loc_weather


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: permission of shadow file and upgrade the kernel

[Douglas Allan Tutty]

On Mon, Apr 09, 2007 at 12:47:23PM -0700, ann kok wrote:
 Hi all
 
 why the permission of the shadow file in debian is
 640?
 and 
 how can I upgrade the kernel?
 eg: 686 kernel

1.  What do you think the permissions of shadow should be?  The only
user who needs to read /etc/shadow is root, that is the whole point of
having shadow passwords.

2.  Assuming you're running etch, just install the linux-image meta
package for your arch, it will always depend on the most recent version.

Doug.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: permission of shadow file and upgrade the kernel

[Bob McGowan]

Douglas Allan Tutty wrote:

On Mon, Apr 09, 2007 at 12:47:23PM -0700, ann kok wrote:

Hi all

why the permission of the shadow file in debian is
640?


---deleted



1.  What do you think the permissions of shadow should be?  The only
user who needs to read /etc/shadow is root, that is the whole point of
having shadow passwords.


---deleted


Doug.




One might wonder why it isn't just 600, if the only user needing access 
is root?  The answer may be in the permissions and owner/group:


  -rw-r- 1 root shadow 

It would appear there are (or could potentially be) tools that need to 
only read the file.  Rather than make them set uid to root, which would 
give them rw permission, they are set gid so they have ro permission, 
which limits the damage they could potentially do.


Bob


smime.p7s
Description: S/MIME Cryptographic Signature

Re: permission of shadow file and upgrade the kernel

[Greg Folkert]

On Mon, 2007-04-09 at 17:37 -0700, Bob McGowan wrote:
[snip]
 One might wonder why it isn't just 600, if the only user needing access 
 is root?  The answer may be in the permissions and owner/group:
 
-rw-r- 1 root shadow 
 
 It would appear there are (or could potentially be) tools that need to 
 only read the file.  Rather than make them set uid to root, which would 
 give them rw permission, they are set gid so they have ro permission, 
 which limits the damage they could potentially do.

You are correct. Things like authentication for various services are
just one of many.
-- 
greg, [EMAIL PROTECTED]

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Przeniesienie/zmiana nazwy plików passwd i shadow

[malkowitch]

 Witam!

 Mam pytanie. Czy istnieje możliwość przeniesienia na stałe passwd i shadow
 do innego katalogu lub/i zmiana nazwy? Zapytałem pana google ale się nie
 spisał.

 Z góry dziękuję za odpowiedź.

 Pozdrowienia,
  Malkowitch

a można wiedzieć po co ?

Chcę utrudnić zdobyć pliku haseł. Symlink raczej odpada.---BeginMessage---
a można wiedzieć po co ?

Dnia niedziela, 21 stycznia 2007 23:09, [EMAIL PROTECTED] napisał:
 Witam!

 Mam pytanie. Czy istnieje możliwość przeniesienia na stałe passwd i shadow
 do innego katalogu lub/i zmiana nazwy? Zapytałem pana google ale się nie
 spisał.

 Z góry dziękuję za odpowiedź.

 Pozdrowienia,
  Malkowitch

-- 
Etch Debian User: PawelatWartandotorg
kadu:3735326 Registered Linux User : 406139 |PLUG :1966491030
GnuPG | pub 1024D/2AAB159B
Home Page: http://www.wartan.org

---End Message---

Re: Przeniesienie/zmiana nazwy plików passwd i shadow

[Jaroslaw Bylina]

= Dnia: poniedziałek, 22 stycznia 2007 16:37, [EMAIL PROTECTED] pisze:
  Witam!
 
  Mam pytanie. Czy istnieje możliwość przeniesienia na stałe passwd i
  shadow do innego katalogu lub/i zmiana nazwy? Zapytałem pana google ale
  się nie spisał.
 
  Z góry dziękuję za odpowiedź.
 
  Pozdrowienia,
   Malkowitch
 
 a można wiedzieć po co ?

 Chcę utrudnić zdobyć pliku haseł. Symlink raczej odpada.

Wybacz, ale to chyba bez sensu. :)

Przede wszystkim dlatego, że wiele miejsc w systemie i w narzędziach odwołuje 
się bezpośrednio do ścieżek /etc/{passwd,shadow,group,gshadow} itd. Jedyne 
sensowne wyjście to właśnie symlink. A tak (w twoim wypadku) to może i trzeba 
by robić nawet jakieś ręczne poprawki w jądrze lub/i w kilku 
narzędziach/bibliotekach...

Poza tym całym zamieszaniem, skuteczność takiego postępowania (w celu 
zabezpieczenia systemu) jest rażąco niska...

pzdr,
jmb


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Przeniesienie/zmiana nazwy plików passwd i shadow

[Mariusz Kruk]

Jaroslaw Bylina napisał(a):
Przede wszystkim dlatego, że wiele miejsc w systemie i w narzędziach odwołuje 
się bezpośrednio do ścieżek /etc/{passwd,shadow,group,gshadow} itd. Jedyne 
sensowne wyjście to właśnie symlink. A tak (w twoim wypadku) to może i trzeba 
by robić nawet jakieś ręczne poprawki w jądrze lub/i w kilku 
narzędziach/bibliotekach...


Akurat jądro guzik obchodzi co masz w /etc/whatever. Jądro interesują 
tylko UIDy.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Przeniesienie/zmiana nazwy plików passwd i shadow

[Jerzy Patraszewski]

Jak doniosły WSI, dnia Mon, 22 Jan 2007 00:09:48 +0100
[EMAIL PROTECTED] napisał(a):

 Witam!
 
 Mam pytanie. Czy istnieje możliwość przeniesienia na stałe passwd i
 shadow do innego katalogu lub/i zmiana nazwy? Zapytałem pana google
 ale się nie spisał.
 
 Z góry dziękuję za odpowiedź.
  
 Pozdrowienia,
  Malkowitch
 
Witam ponownie,
zapomniałem dodać, że passwd (i shadow) to nie tyle plik, co baza danych
poczytaj na googlach o Name Service Switch (NSS). Myślę że nie jest
możliwe zmiana nazwy/lokalizacji tego pliku. 
Jeśli jesteś hmmm... (samobójcą) to postaw sobie LDAP'a, 
wyedytuj nsswitch.conf, skonfiguruj pam_ldap i wykasuj 
passwd, shadow, groups, services itd. 
Pozdr.
sm0q
  

Re: Przeniesienie/zmiana nazwy plików passwd i shadow

[Jerzy Patraszewski]

Jak doniosły WSI, dnia Mon, 22 Jan 2007 00:09:48 +0100
[EMAIL PROTECTED] napisał(a):

 Witam!
 
 Mam pytanie. Czy istnieje możliwość przeniesienia na stałe passwd i
 shadow do innego katalogu lub/i zmiana nazwy? Zapytałem pana google
 ale się nie spisał.
 
 Z góry dziękuję za odpowiedź.
  
 Pozdrowienia,
  Malkowitch

Witaj :) 
Hmm... Security by obscurity... to nie security
Przepraszam że nie na temat, ale IMHO raczej
zainteresuj się grsecurity, selinux'em, ACL'ami, chroot'em itp., a nie
staraj się udziwnić konfiguracji na siłę. 
Jeśli boisz sie cgi - to mod_security itd,itd,itd
Pozdr,
sm0q

Przeniesienie/zmiana nazwy plików passwd i shadow

[malkowitch]

Witam!

Mam pytanie. Czy istnieje możliwość przeniesienia na stałe passwd i shadow do
innego katalogu lub/i zmiana nazwy? Zapytałem pana google ale się nie
spisał.

Z góry dziękuję za odpowiedź.
 
Pozdrowienia,
 Malkowitch

Re: Przeniesienie/zmiana nazwy plików passwd i shadow

[Adam Byrtek]

On Mon, 2007-01-22 at 00:09 +0100, [EMAIL PROTECTED] wrote:
 
 Mam pytanie. Czy istnieje możliwość przeniesienia na stałe passwd i
 shadow do
 innego katalogu lub/i zmiana nazwy? Zapytałem pana google ale się nie
 spisał. 

Zrobić symlink?

Pozdrawiam,
Adam

-- 
Adam Byrtek / Alpha
Każdy ideał w ciele jest trywialny - prawdy algebraiczne

Re: passwd + shadow + smbpasswd = ldap

[Marc Blumentritt]

Thorsten Schmidt schrieb:
 zur Zeit suche ich ein Tool, das in der Lage ist, eine alte Accountdatenbank 
 die aus den Dateien passwd,shadow,smbpasswd besteht nach ldap zu migrieren.
 Die smbldap-tools können dies anscheinend mit unix-Accounts machen.
 Dies reicht aber leider nicht.
 Zudem können sie sogn. pwdump Accounts importieren - um was handelt es sich 
 hier eigentlich?
 Wisst ihr evtl. wie ich am besten meine alten Daten migriere?


Vielleicht hilft dir ja das hier weiter:

http://de.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing

Habt das tool noch nie benutzt, aber laut Beschreibung kann es dir
vielleicht weiterhelfen.

Grüße
Marc


-- 
Haeufig gestellte Fragen und Antworten (FAQ): 
http://www.de.debian.org/debian-user-german-FAQ/

Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED]
mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)

Re: passwd + shadow + smbpasswd = ldap

[Michelino Caroselli]

Thorsten Schmidt wrote:
 zur Zeit suche ich ein Tool, das in der Lage ist, eine alte Accountdatenbank 
 die aus den Dateien passwd,shadow,smbpasswd besteht nach ldap zu migrieren.
 Die smbldap-tools können dies anscheinend mit unix-Accounts machen.
Hmm, ich dachte die wären nur zur Verwalten der Accounts.

 Dies reicht aber leider nicht.
 Zudem können sie sogn. pwdump Accounts importieren - um was handelt es sich 
 hier eigentlich?
Ein Programm, um die Passwörter aus der Registry zu extrahieren. Schau dir
mal http://us1.samba.org/samba/ftp/pwdump/README an.

 Wisst ihr evtl. wie ich am besten meine alten Daten migriere?
Mit den migrationtools (apt-cache show migrationtools;)


HTH und Gruß, Michel
-- 


-- 
Haeufig gestellte Fragen und Antworten (FAQ): 
http://www.de.debian.org/debian-user-german-FAQ/

Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED]
mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)

passwd + shadow + smbpasswd = ldap

[Thorsten Schmidt]

Hallo,

zur Zeit suche ich ein Tool, das in der Lage ist, eine alte Accountdatenbank 
die aus den Dateien passwd,shadow,smbpasswd besteht nach ldap zu migrieren.
Die smbldap-tools können dies anscheinend mit unix-Accounts machen.
Dies reicht aber leider nicht.
Zudem können sie sogn. pwdump Accounts importieren - um was handelt es sich 
hier eigentlich?
Wisst ihr evtl. wie ich am besten meine alten Daten migriere?

Bis dene
Thorsten

How to create shadow passwords manually.........

[M-L]

My Etch installer doesn't finish the installation, so i have to just reboot, 
and create my own passwords and such from the shell, and a few other things 
by hand.

But these are in /etc/passwd There is no /etc/shadow file.

Apart from creating the /etc/shadow file, how do i create shadow passwords?

TIA
Charlie
-- 
Registered Linux User:- 329524
+++
If a man constantly aspires is he not 
elevated? ...Henry David Thoreau


Linux Debian Etch


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: How to create shadow passwords manually.........

[Steve Kemp]

On Mon, Sep 25, 2006 at 08:21:30PM +1000, M-L wrote:

 But these are in /etc/passwd There is no /etc/shadow file.
 Apart from creating the /etc/shadow file, how do i create shadow passwords?

   /sbin/shadowconfig on

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Forced to edit shadow group file manually in Etch

[Siju George]

Hi,

I switched over from Sarge to Etch. And I get the message below when I
edit the group file.

# vigr
You have modified /etc/group.
You may need to modify /etc/gshadow for consistency.
Please use the command `vigr -s' to do so.

It never used to happen in Sarge.

Could some one point out what I am missing? How can I automate the
shadow file modification?

Thank you so much

Kind Regards

Siju


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: How to create shadow passwords manually.........

[Charlie]

On Monday 25 September 2006 20:40, Steve Kemp wrote:
  But these are in /etc/passwd There is no /etc/shadow file.
  Apart from creating the /etc/shadow file, how do i create shadow
  passwords?

    /sbin/shadowconfig on

Thanks Steve.

-- 
Registered Linux User:- 329524
+++
I have been reading your Descartes. Very interesting. I think, therefore I 
am. He forgot to mention the other part. I'm sure he knew, he just 
forgot: I don't think, therefore I'm not. --- 
KATAGIRI ROSHI

***
Debian Etch
___

SHADOW

[Internauta]

Pessoal,

Estava instalando uma máquina AMD64 através do DFS e me deparei com um
problemão: ELE NÃO HABILITOU O USO DO SHADOW

Alguém sabe me informar como eu faço para habilitar o shadow?

Desde já agradeço a atenção de todos.

Abraços,
Roberth.


Message sent using UebiMiau 2.7


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

SHADOW

[Internauta]

Pessoal,

Estava instalando uma máquina AMD64 através do DFS e me deparei com um
problemão: ELE NÃO HABILITOU O USO DO SHADOW

Alguém sabe me informar como eu faço para habilitar o shadow?

Desde já agradeço a atenção de todos.

Abraços,
Roberth.



Message sent using UebiMiau 2.7


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: SHADOW

[Internauta]

Pessoal,

Resolvi o problema. É só utilizar o comando shadowconfig on | off para
ativar ou desativar o uso do shadow.

Abraços,
Roberth.

- Mensagem Original 
De: Internauta [EMAIL PROTECTED]
Para: debian-user-portuguese@lists.debian.org
debian-user-portuguese@lists.debian.org
Assunto: SHADOW
Data: 05/05/06 17:07


 Pessoal,

 Estava instalando uma máquina AMD64 através do DFS e me deparei com um
 problemão: ELE NÃO HABILITOU O USO DO SHADOW

 Alguém sabe me informar como eu faço para habilitar o shadow?

 Desde já agradeço a atenção de todos.

 Abraços,
 Roberth.


 
 Message sent using UebiMiau 2.7


 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of quot;unsubscribequot;. Trouble? Contact
[EMAIL PROTECTED]









Message sent using UebiMiau 2.7


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Précision sur /etc/shadow

[[EMAIL PROTECTED]]

Bonjour,

J'aimerais avoir une précision sur le fichier /etc/shadow

Dedans se trouve les mots de passe utilisateurs. Pour certains utilisateurs je 
souhaite qu'ils soit désactivés.

nom_user:*:13241:0:9:7:::

Donc là mon compte est désactivé grâce à l'étoile.
Mais pour certains utilisateurs j'ai des !

Quelle est la différence entre * et ! ?

Merci

Re: Précision sur /etc/shadow

[steve]

Le Lundi, 3 Avril 2006 09.59, [EMAIL PROTECTED] a écrit :
 Bonjour,

bonjour,


 J'aimerais avoir une précision sur le fichier /etc/shadow

 Dedans se trouve les mots de passe utilisateurs. Pour certains utilisateurs
 je souhaite qu'ils soit désactivés.

 nom_user:*:13241:0:9:7:::

 Donc là mon compte est désactivé grâce à l'étoile.
 Mais pour certains utilisateurs j'ai des !

 Quelle est la différence entre * et ! ?

dans

man shadow

on lit :

Si le champ du mot de passe contient une chaîne qui ne peut pas être un 
résultat valable de
   crypt(3), par exemple si elle contient les caractères ! ou *, alors 
l'utilisateur ne pourra
   pas utiliser son mot de passe UNIX pour se connecter. Ceci peut 
dépendre de pam(7).


 Merci

bonne journée

-- 
steve
jabber : [EMAIL PROTECTED]

convertir un hash MD5 php/ldap en un hash pour /etc/shadow

[Arnaud JAYET]

Bonjour

j'ai une question :


j'ai les mdp des utilisateurs codé en MD5 dans une table MySQL (un hash 
sur 32 octets) et aussi dans un annuaire LDAP, je ne connais pas leur 
mdp clair.


Je souhaite pouvoir utiliser leur mot de passe existant pour créer des 
comptes unix locaux sur un serveur sans passer par une auth. centralisée 
PAM+LDAP, juste par le classique /etc/shadow. mon idée est de recopier 
leur mdp officiel dans le /etc/shadow du serveur


Savez-vous comment je pourrai faire pour convertir un hash MD5 sur 32 
octets, généré avec la fonction md5() de PHP,  ou alors une valeur md5  
LDAP en un hash compatible avec le champ password de /etc/shadow ?



Ca concerne qu'une petite dizaine de compte sur un serveur à part donc 
pas envie (surtout ni le temps...) de m'embeter avec l'artillerie lourde 
pam+ldap pour cela.



Merci d'avance


--
Arnaud


--
Pensez à lire la FAQ de la liste avant de poser une question :
http://wiki.debian.net/?DebianFrench

Pensez à rajouter le mot ``spam'' dans vos champs From et Reply-To:

To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: OT duda con /etc/shadow

[Jesús GS]

 Le Samedi 11 Mars 2006 17:41, Ricardo Marcelo Alvarez a écrit :
   Hola hace poco hubo una discusion en la lista sobre como borrar un passwd,
   alguien habia preguntado como borrar, la cuestion es que yo pensaba que con
   passwd -l usuario
   se le borraba, con ese comando en /etc/shadow donde iria el password
   encriptado pone !, no encontre un comando que ponga *, leyendo el man de
   shadow dice que es equivalente que haya un ! o un * Es esto asi o existe
  alguna diferencia.

Hola, bueno te hago un resumen de como creo que funciona (puedo estar
equivocado o no ;). En /etc/passwd como creo que ya sabrás en el campo
contraseña hay una x que indica que el campo de contraseña se
encuentra en /etc/shadow (aunque sistemas que no tengan el sistema
shadow la tendrán ahí la pass). En /etc/shadow, si tienes el campo de
la contraseña con valor * significa, cuenta deshabilitada. Y si
tiene un valor ! significa que será imposible logearse con esa cuenta
pues ninguna cadena (cualquier password que se intente usar) nunca
podrá dar un valor que empiece por !. (para esta encriptación, man
crypt, por si quieres saber como se hace)

Es decir, resumiendo:
 * es deshabilitada
! es deshabilitada puesto que no existe cadena que pueda dar ! en su
codificación

Dos formas de hacer lo mismo.

salu2

Re: OT duda con /etc/shadow

[Claude Micouin]

Le Samedi 11 Mars 2006 17:41, Ricardo Marcelo Alvarez a écrit :
 Hola hace poco hubo una discusion en la lista sobre como borrar un passwd,
 alguien habia preguntado como borrar, la cuestion es que yo pensaba que con
 passwd -l usuario
 se le borraba, con ese comando en /etc/shadow donde iria el password
 encriptado pone !, no encontre un comando que ponga *, leyendo el man de
 shadow dice que es equivalente que haya un ! o un * Es esto asi o existe
 alguna diferencia.
Buenas,
no te lo puede decir con certeza, pero me parece haber leído en una 
revista 
(hace unos 7 años ya) que para bloquear la cuenta de un usuario, el 
administrador tenía que poner un * en la línea del usuario.
Quizas que antes la orden passwd (igual que usermod) agregaba un * y 
que 
ahorra lo pone un ! Y que es por razón de compatibilidad que han guardado los 
dos.

Salu2
-- 
Claude Micouin [EMAIL PROTECTED]     http://astuce.linux.free.fr
Por favor, no adjunte documentos en formatos doc o ppt, sino en algún 
formato estándar como html, pdf, rtf o txt. Gracias.
Cf: http://www.gnu.org/philosophy/no-word-attachments.es.html

OT duda con /etc/shadow

[Ricardo Marcelo Alvarez]

Hola hace poco hubo una discusion en la lista sobre como borrar un passwd, 
alguien habia preguntado como borrar,
la cuestion es que yo pensaba que con 
passwd -l usuario
se le borraba, con ese comando en /etc/shadow donde iria el password encriptado 
pone !, no encontre un comando que 
ponga *, leyendo el man de shadow dice que es equivalente que haya un ! o un *
Es esto asi o existe alguna diferencia.
Saludos.

man shadow
SHADOW(5)   

 SHADOW(5)

NAME
   shadow - encrypted password file

DESCRIPTION
   shadow contains the encrypted password information for user's accounts 
and optional the password aging information.  Included is

Login name

Encrypted password

Days since Jan 1, 1970 that password was last changed

Days before password may be changed

Days after which password must be changed

Days before password is to expire that user is warned

Days after password expires that account is disabled

Days since Jan 1, 1970 that account is disabled

A reserved field

   The  password  field must be filled.  The encryped password consists of 
13 to 24 characters from the 64 character alphabet a thru z, A thru Z, 0 thru 
9, . and /.  Refer to crypt(3) for details on how
   this string is interpreted.  If the password field contains some string 
that is not valid result of crypt(3), for instance ! or *, the user will not be 
able to use a unix password to log in,  subject
   to pam(7).

   The  date  of  the last password change is given as the number of days 
since Jan 1, 1970.  The password may not be changed again until the proper 
number of days have passed, and must be changed after
   the maximum number of days.  If the minimum number of days required is 
greater than the maximum number of day allowed, this password may not be 
changed by the user.

   An account is considered to be inactive and is disabled if the password 
is not changed within the specified number of days after the password expires.  
An account will also be disabled on the  speci-
   fied day regardless of other password expiration information.

   This information supercedes any password or password age information 
present in /etc/passwd.

   This file must not be readable by regular users if password security is 
to be maintained.

FILES
   /etc/passwd - user account information
   /etc/shadow - encrypted user passwords

SEE ALSO
   chage(1), login(1), passwd(1), su(1), passwd(5), pwconv(8), pwunconv(8), 
sulogin(8)

AUTHOR
   Julianne Frances Haugh ([EMAIL PROTECTED])




pgpS4lMSoUUXh.pgp
Description: PGP signature

shadow file and two root directories for apache2

[Radhika]

Hi,I am having one more question we are having one live webserver with apache 1.X and in this we are having default root document directory but only one website they are using different webroot directory how do we menction for this one website for different root directory which file we need to edit and where to menction this. We are planning to migrate from redhat webserver to debian webserver with apache 2.x and i am planning to copy the existing shadow password file from redhat machine to debian machine.It will work without any problem in debian with the same user names and passwords otherwise i need to do any other thing.Thanks for your help
		Yahoo! for Good 
Click here to donate to the Hurricane Katrina relief effort. 

Re: mcrypt = md5-passwö rter (/etc/shadow)

[Eduard Bloch]

Moin Michelle!
Michelle Konzack schrieb am Samstag, den 03. September 2005:

 Hallo *,
 
 weis jemand wie man md5 passwörter generiert, die mit /etc/shadow
 funktionieren ?  Zudem noch STDIN/STDOUT akzeptiert ?

man mkpasswd

Eduard.

-- 
Alfie *prust*
Alfie #, fuzzy
Alfie msgid Failed
Alfie msgstr Weiblich


-- 
Haeufig gestellte Fragen und Antworten (FAQ): 
http://www.de.debian.org/debian-user-german-FAQ/

Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED]
mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)

[SOLVED] Re: mcrypt = md5- passwörte r (/etc/shadow)

[Michelle Konzack]

Hi Leute,

habe über die php-general zwei Codeschnipsel bekommen, wie man mit
md5() und crypt() passwörter generieren kann und auch überprüfen...

Problem ist also gelößt,  -  und ich muß nicht zu solchen dubiosen
nicht PHP Sachen wie exec() greiden.

Zur zeit habe ich nicht soviel Zeit, wede aber die codeschnipsel auf
meiner PHP Seite ablegen.

http://devel.debian.tamay-dogan.homelinux.net/php/

Grüße
Michelle

Am 2005-09-03 10:36:32, schrieb Michelle Konzack:
 Hallo *,
 
 weis jemand wie man md5 passwörter generiert, die mit /etc/shadow
 funktionieren ?  Zudem noch STDIN/STDOUT akzeptiert ?
 
 echo -n blubberblah |mcrypt --quiet --force --bare \
   --keymode s2k-isalted-md5 \
   --algorithm 
 
 sollte nach Auskunft eines Listenteilnehmers funktionieren, geht aber
 trotzdem nicht.  Für die  habe ich schon alles ausprobiert was
 verfügbar war genauso wie s2k-salted-md5
 
 Ich bekomme immer ein Key transformation failed.
 
 Schönes Wochenende
 Michelle
 
- END OF REPLYED MESSAGE -


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

mcrypt = md5-passwörte r (/etc/shadow)

[Michelle Konzack]

Hallo *,

weis jemand wie man md5 passwörter generiert, die mit /etc/shadow
funktionieren ?  Zudem noch STDIN/STDOUT akzeptiert ?

echo -n blubberblah |mcrypt --quiet --force --bare \
  --keymode s2k-isalted-md5 \
  --algorithm 

sollte nach Auskunft eines Listenteilnehmers funktionieren, geht aber
trotzdem nicht.  Für die  habe ich schon alles ausprobiert was
verfügbar war genauso wie s2k-salted-md5

Ich bekomme immer ein Key transformation failed.

Schönes Wochenende
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

Re: mcrypt = md5-passwörter (/etc/shadow)

[Christian Frommeyer]

Am Samstag 03 September 2005 10:36 schrieb Michelle Konzack:
 weis jemand wie man md5 passwörter generiert, die mit /etc/shadow
 funktionieren ?  Zudem noch STDIN/STDOUT akzeptiert ?

Vielleicht hilft Dir man 3 crypt, aber vermutlich bist Du da ja schon 
selber drauf gestoßen.

Gruß Chris
-- 
A: because it distrupts the normal process of thought
Q: why is top posting frowned upon

/etc/shadow-Acil

[Abdullah Teke]

İyi günler arşağıda iki farklı debian sisteminin /etc/shadow
dosyalarının içeriği gözükmekte. Benim sorum ikisi de MD-5 algoritmasına
göre şifrelenmesine rağmen şifreler neden farklı formatta ve ikinci
biçimde olan şifreyi ilk biçime çevirmek için yapabileceğim herhangi bir
işlem mevcutmudur. Yardımlarınız için şimdiden teşekkür ederim...İyi
çalışmalar.


alituz:$1$JuI5WWY9$lzV4Dgh8psCrMQtP7ECu10:13026:0:9:7:::
velituz::yW6MjAqMZnoXU:12759::


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

/etc/shadow et /etc/passwd

[Jay Ar]

Bonjour!

question rapide, et qui risque d'être stupide..
j'ai un fichier /etc/passwd qui contient également les
mots de passes des users.
je voudrais bien pouvoir en générer un /etc/shadow
correspondant..
quelqu'un aurait une idée comment faire?
merci!

Jay Ar






___ 
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger 
Téléchargez cette version sur http://fr.messenger.yahoo.com


-- 
Pensez à lire la FAQ de la liste avant de poser une question :
http://wiki.debian.net/?DebianFrench

Pensez à rajouter le mot ``spam'' dans vos champs From et Reply-To:

To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: /etc/shadow et /etc/passwd

[Frédéric Bothamy]

* Jay Ar [EMAIL PROTECTED] [2005-08-10 14:54] :
 Bonjour!
 
 question rapide, et qui risque d'être stupide..
 j'ai un fichier /etc/passwd qui contient également les
 mots de passes des users.
 je voudrais bien pouvoir en générer un /etc/shadow
 correspondant..
 quelqu'un aurait une idée comment faire?

Utilise pwconv du paquet passwd.


Fred

-- 
Comment poser les questions de manière intelligente ?
http://www.gnurou.org/documents/smart-questions-fr.html
Comment signaler efficacement un bug ?
http://www.chiark.greenend.org.uk/~sgtatham/bugs-fr.html


-- 
Pensez à lire la FAQ de la liste avant de poser une question :
http://wiki.debian.net/?DebianFrench

Pensez à rajouter le mot ``spam'' dans vos champs From et Reply-To:

To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: PASSWD, SHADOW e SMBPASSWD

[Gustavo V. Goulart]

Marcos V Lazarini wrote:


Gustavo V. Goulart wrote:


Olá Lista,

 Estou atualizando meus servidores e preferi reinstalar meu servidor 
de arquivos, fiz backup dos arquivos passwd, shadow, group e de todo 
o diretório /etc/samba. Copiei somente meus usuários cadastrados nos 
arquivos passwd e shadow para os novos arquivos /etc/passwd e shadow. 
Agora não consigo mais logar com meus usuários no servidor, acho q o 
formato dos arquivos mudaram. Como posso recuperar meus usuários sem 
ter q recadastrar todas as senhas novamente ???



Olha, eu já fiz isso várias vezes e nunca deu problema. Será que não 
está havendo conflito de UID/GID?
Tenta criar um usuário novo e veja o formato que ele usa (comando 
adduser)


Não tem conflito, meus usuários estão do UID 1002 ao 1050 e todos no 
GID 100. O fomato é igualzinho, ta sinistro  rs




O samba do sarge tbm mudou, agora eu não uso mais o 
/etc/samba/smbpasswd. Como migrar esse meu banco de senhas para o 
novo padrão do samba 3 sem ter q mexer na configuracão do samba ?



Bom, isso na verdade vc pode escolher em algum lugar. Alguns usam o 
smbpasswd. Outros usam um tal de banco de dados samba (já nao me 
lembro mais o nome); mas tenho certeza que no site do samba há uma 
explicação para a migração de um sistema ou outro.
Por acaso, se vc fizer um dpkg-reconfigure samba eu acho que ele 
pergunta se vc quer usar o smbpasswd ou o outro método.


Já usei o dpkg-reconfigure, ele só da a opcão de usar esse tal banco do 
samba, mais isso eu já resolvi, vc pode usar um parâmetro no smb.conf 
para dizer onde estão as senhas.


Obrigado Marcos ...


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: PASSWD, SHADOW e SMBPASSWD

[Marcos Vinicius Lazarini]

Gustavo V. Goulart wrote:


Marcos V Lazarini wrote:


Gustavo V. Goulart wrote:


Olá Lista,

 Estou atualizando meus servidores e preferi reinstalar meu servidor 
de arquivos, fiz backup dos arquivos passwd, shadow, group e de todo 
o diretório /etc/samba. Copiei somente meus usuários cadastrados nos 
arquivos passwd e shadow para os novos arquivos /etc/passwd e shadow. 
Agora não consigo mais logar com meus usuários no servidor, acho q o 
formato dos arquivos mudaram. Como posso recuperar meus usuários sem 
ter q recadastrar todas as senhas novamente ???




Olha, eu já fiz isso várias vezes e nunca deu problema. Será que não 
está havendo conflito de UID/GID?
Tenta criar um usuário novo e veja o formato que ele usa (comando 
adduser)



Não tem conflito, meus usuários estão do UID 1002 ao 1050 e todos no GID 
100. O fomato é igualzinho, ta sinistro  rs


Observe que se vc digitou um caracter errado (trocou o : por ;) ou esqueceu 
de algum : nesses arquivos, ele ignora silenciosamente - e é uma droga achar 
o erro.


Outra coisa: vc não estaria usando o NIS?
cd /var/yp  make

--
Marcos


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

PASSWD, SHADOW e SMBPASSWD

[Gustavo V. Goulart]

Olá Lista,

 Estou atualizando meus servidores e preferi reinstalar meu servidor de 
arquivos, fiz backup dos arquivos passwd, shadow, group e de todo o 
diretório /etc/samba. Copiei somente meus usuários cadastrados nos 
arquivos passwd e shadow para os novos arquivos /etc/passwd e shadow. 
Agora não consigo mais logar com meus usuários no servidor, acho q o 
formato dos arquivos mudaram. Como posso recuperar meus usuários sem ter 
q recadastrar todas as senhas novamente ???


O samba do sarge tbm mudou, agora eu não uso mais o 
/etc/samba/smbpasswd. Como migrar esse meu banco de senhas para o novo 
padrão do samba 3 sem ter q mexer na configuracão do samba ?


Valeu lista ...


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: PASSWD, SHADOW e SMBPASSWD

[Marcos V Lazarini]

Gustavo V. Goulart wrote:


Olá Lista,

 Estou atualizando meus servidores e preferi reinstalar meu servidor de 
arquivos, fiz backup dos arquivos passwd, shadow, group e de todo o 
diretório /etc/samba. Copiei somente meus usuários cadastrados nos 
arquivos passwd e shadow para os novos arquivos /etc/passwd e shadow. 
Agora não consigo mais logar com meus usuários no servidor, acho q o 
formato dos arquivos mudaram. Como posso recuperar meus usuários sem ter 
q recadastrar todas as senhas novamente ???


Olha, eu já fiz isso várias vezes e nunca deu problema. Será que não está 
havendo conflito de UID/GID?

Tenta criar um usuário novo e veja o formato que ele usa (comando adduser)

O samba do sarge tbm mudou, agora eu não uso mais o 
/etc/samba/smbpasswd. Como migrar esse meu banco de senhas para o novo 
padrão do samba 3 sem ter q mexer na configuracão do samba ?


Bom, isso na verdade vc pode escolher em algum lugar. Alguns usam o 
smbpasswd. Outros usam um tal de banco de dados samba (já nao me lembro mais 
o nome); mas tenho certeza que no site do samba há uma explicação para a 
migração de um sistema ou outro.
Por acaso, se vc fizer um dpkg-reconfigure samba eu acho que ele pergunta se 
vc quer usar o smbpasswd ou o outro método.


--
Marcos


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Shadow...

[Piotr Figiel]

On Sunday 06 of March 2005 00:13, HaflingeR wrote:

 Instalowalem na serwerze woodego i jakos tak sie stalo ze nie mam hasel
 w plikui /etc/shadow lecz w /etc/passwd. Tzn. w ogole nie mam pliku
 /etc/shadow :/ Jak to naprawic? :)

dpkg-reconfigure passwd?

Pozdrawiam,

-- 
Piotr Figiel
http://psychodelic.org/~feeg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Cypted (UNIX/md5) Passwörter in /etc/shadow und GUI

[Michelle Konzack]

Hallo,

da ich derzeit im Krankenhaus bin habe ich mir vorgenommen ein paar
meiner Tools und Scripte upzudaten wobei ich bei meinem 'tduseradmin'
auf ein Problem gestoßen bin.

Ich habe ein Script verloren, mit dem ich normale UNIX-Passwörter,
bzw, md5-Passwörter generieren kann.

Kann mir hier jemand weiterhelfen ?

Mit 'mcrypt geht es irgendwie nicht...

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature