How to create shadow passwords manually.........
My Etch installer doesn't finish the installation, so i have to just reboot, and create my own passwords and such from the shell, and a few other things by hand. But these are in /etc/passwd There is no /etc/shadow file. Apart from creating the /etc/shadow file, how do i create shadow passwords? TIA Charlie -- Registered Linux User:- 329524 +++ If a man constantly aspires is he not elevated? ...Henry David Thoreau Linux Debian Etch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to create shadow passwords manually.........
On Mon, Sep 25, 2006 at 08:21:30PM +1000, M-L wrote: But these are in /etc/passwd There is no /etc/shadow file. Apart from creating the /etc/shadow file, how do i create shadow passwords? /sbin/shadowconfig on Steve -- Debian GNU/Linux System Administration http://www.debian-administration.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to create shadow passwords manually.........
On Monday 25 September 2006 20:40, Steve Kemp wrote: But these are in /etc/passwd There is no /etc/shadow file. Apart from creating the /etc/shadow file, how do i create shadow passwords? /sbin/shadowconfig on Thanks Steve. -- Registered Linux User:- 329524 +++ I have been reading your Descartes. Very interesting. I think, therefore I am. He forgot to mention the other part. I'm sure he knew, he just forgot: I don't think, therefore I'm not. --- KATAGIRI ROSHI *** Debian Etch ___
INN Access w/ Shadow Passwords
I'm having trouble getting INN to run such that it requires userid/password to get access to it. I suspect this is because it doesn't have permission to read the /etc/shadow file, but I don't know why. I've tried adding news to the shadow group. I've tried setting the passwd file to specify news being in the shadow group. I always get the same error: 502 You are not in my access file. Goodbye. Is there something I'm missing here? jordan:/etc/news$ cat /etc/news/nnrp.access stdin:Read:::* localhost:Read:+::* Brian ( [EMAIL PROTECTED] ) --- The only bad mistakes are those you fail to learn from.
Re: Changing to MD5 shadow passwords?
- Original Message - From: Ethan Benson [EMAIL PROTECTED] To: debian-user@lists.debian.org Sent: Monday, March 19, 2001 5:50 PM Subject: Re: Changing to MD5 shadow passwords? md5 hashes should work regardless of what hash passwd will create. however some time ago it was discovered that pam created bogus md5 hashes due to an endianess bug, backward compatability was retained for awhile but it might be gone now. How would I upgrade if I had a broken pam? Could anyone point me to some docs on this. I really don't want to have to try and upgrade to RH7 -- debian is much smoother in upgrading. And RH7 would probably break under the bogus md5's anyway right? also you can't just drop redhat passwd files onto debian, you will break your system. you can only take the ordinary user accounts from redhat and add them to the debian passwd files. that is uids above 500 from redhat are ok, any uid below 500 is not. How badly would it break? Could I fix it easier than having to rebuild hundreds of users and get them to reset all their passwords.
Re: Changing to MD5 shadow passwords?
On Tue, Mar 20, 2001 at 05:00:39PM -0600, Kevin Long wrote: - Original Message - From: Ethan Benson [EMAIL PROTECTED] To: debian-user@lists.debian.org Sent: Monday, March 19, 2001 5:50 PM Subject: Re: Changing to MD5 shadow passwords? md5 hashes should work regardless of what hash passwd will create. however some time ago it was discovered that pam created bogus md5 hashes due to an endianess bug, backward compatability was retained for awhile but it might be gone now. How would I upgrade if I had a broken pam? Could anyone point me to some docs on this. I really don't want to have to try and upgrade to RH7 -- debian is much smoother in upgrading. And RH7 would probably break under the bogus md5's anyway right? probably. check the pam mailing list archives, they compatility might still be in pam_pwdb (which sucks donkey balls) but i doubt its in pam_unix since it just uses standard libc calls. also you can't just drop redhat passwd files onto debian, you will break your system. you can only take the ordinary user accounts from redhat and add them to the debian passwd files. that is uids above 500 from redhat are ok, any uid below 500 is not. How badly would it break? Could I fix it easier than having to rebuild hundreds of users and get them to reset all their passwords. all you need to do is delete all the redhat system accounts, that is every user and group with a uid and gid below 500. then add the remaining users to your debian stock password files. it doesn't matter that your users have uids of 500, its system accounts like bin daemon sys and such that are different on debian and redhat. replacing debian system accounts wtih redhat system accounts will ruin your system. though i prefer to get uids reallocated starting at 1000 where they belong. i just used an awk script to add the user accounts to debian and reset gecos and password feilds. easy and pie. -- Ethan Benson http://www.alaska.net/~erbenson/ pgpQJVsP6yx0w.pgp Description: PGP signature
Changing to MD5 shadow passwords?
I would like to convert all of my Debian 2.0 and 2.2 systems to MD5 shadow passwords. If I understand the docs correctly all that needs doing is to add md5 to the apropriate lines in /etc/pam.d/passwd and /etc/pam.d/login. Is this correct? rob Live the dream.
Re: Changing to MD5 shadow passwords?
On Mon, Mar 19, 2001 at 10:04:20AM -0500, R. Ransbottom wrote: I would like to convert all of my Debian 2.0 and 2.2 systems to MD5 shadow passwords. If I understand the docs correctly all that needs doing is to add md5 to the apropriate lines in /etc/pam.d/passwd and /etc/pam.d/login. Is this correct? yes, check all the files in /etc/pam.d for `password' lines, add md5 to all password lines with pam_unix.so as the module. note that passwords are only converted to md5 after the user changes thier password. -- Ethan Benson http://www.alaska.net/~erbenson/ pgp2DQgbXWWK0.pgp Description: PGP signature
Re: Re: NIS with shadow passwords
Ciao Richard Cobbe, department's NIS server on a Solaris box upstairs. This works just fine with RH 6.2, so I'm guessing it'll be fine with potato, but confirmation before the install would be nice. Will that work? I don't know if this may be usefull, but here there is the following situation: SERVER RH with NIS+ CLIENT Debian 2.2 with NIS and it works. sure it would be mutch better if NIS+ could be found under Debian too. I'm not an expert, but outside the local network none can access in (I hope ;-) and inside none can sniff the net As soon as possible I will upgrade RH Server to Debian :-))) -- Paolo Pedaletti, Como, ITALYa www.fastflow.it/~paolop [EMAIL PROTECTED] ICQ: 4755831
NIS with shadow passwords
Hi. I have NIS installed and working good on my LAN. But I'd like to install shadow passwords as well. I've tried it, but as I compile the NIS maps, the users aren't no longer able to login :( Could somebody please help me? Thanks. -- Pedro Pereira [EMAIL PROTECTED] Linux do DEEC - FEUP
Re: NIS with shadow passwords
Pedro Pereira wrote: Hi. I have NIS installed and working good on my LAN. But I'd like to install shadow passwords as well. I've tried it, but as I compile the NIS maps, the users aren't no longer able to login :( Could somebody please help me? Thanks. use NIS+ ..i believe the NIS with linux does not support shadow. although i am not aware of a NIS+ solution that is debianized in stable. you can search the www for how to do NIS+ in linux but the process seems quite involved if your not using a supported distro like SuSE (since i think most of the NIS+ development is done by SuSE employees ..) i tried doing it with debian 2.0 ..and..ended up reinstalling because i hosed my libc bad. when i wanted a NIS server with shadow i decided on solaris 7(sparc) on an ultra 10 .. nate -- ::: ICQ: 75132336 http://www.aphroland.org/ http://www.linuxpowered.net/ [EMAIL PROTECTED]
Re: NIS with shadow passwords
Lo, on Thursday, January 25, Nate Amsden did write: Pedro Pereira wrote: Hi. I have NIS installed and working good on my LAN. But I'd like to install shadow passwords as well. I've tried it, but as I compile the NIS maps, the users aren't no longer able to login :( Could somebody please help me? Thanks. use NIS+ ..i believe the NIS with linux does not support shadow. although i am not aware of a NIS+ solution that is debianized in stable. Is this the NIS server, or the NIS client? I'm about to try installing potato on a machine at work, and I need to be able to work off our MIS department's NIS server on a Solaris box upstairs. This works just fine with RH 6.2, so I'm guessing it'll be fine with potato, but confirmation before the install would be nice. Will that work? Richard
Re: NIS with shadow passwords
Nate Amsden wrote: you can search the www for how to do NIS+ in linux but the process seems quite involved if your not using a supported distro like SuSE (since i think most of the NIS+ development is done by SuSE employees ..) i tried doing it with debian 2.0 ..and..ended up reinstalling because i hosed my libc bad. NIS+ support in general can be found at http://www.suse.de/~kukuk/nisplus/, but it's not an easy task to install (at least on RedHat it's not). You'll have to fiddle with the PAM entries a bit, to get thinks working properly. There is also a debianized version available at deb http://www.realbodo.de/ debian/ deb-src http://www.realbodo.de/ debian/ but I haven't played with that. Chances are, it works quite well out of the box. Good luck, Viktor -- Viktor Rosenfeld WWW: http://www.informatik.hu-berlin.de/~rosenfel/ Geek Code (3.1): GCS/SS d-@ s+: a20 C++@ UL++$ P+ L+++ E--- W++ N++ o? K? !W O? M? V? PS++@ PE+(-) Y+ P?(+++) t+ 5+ X- R? !tv b+ DI+ D- G e+++ h-- r- !y+
Re: NIS with shadow passwords
Richard Cobbe wrote: Lo, on Thursday, January 25, Nate Amsden did write: Pedro Pereira wrote: Hi. I have NIS installed and working good on my LAN. But I'd like to install shadow passwords as well. I've tried it, but as I compile the NIS maps, the users aren't no longer able to login :( Could somebody please help me? Thanks. use NIS+ ..i believe the NIS with linux does not support shadow. although i am not aware of a NIS+ solution that is debianized in stable. Is this the NIS server, or the NIS client? I'm about to try installing potato on a machine at work, and I need to be able to work off our MIS department's NIS server on a Solaris box upstairs. This works just fine with RH 6.2, so I'm guessing it'll be fine with potato, but confirmation before the install would be nice. Will that work? Richard I got this problem a moth ago, the error began when I tried to make the NIS maps. But I edited a Makefile turnig on some think about merging shadown files (I don't remember more and I don't have the system more). []'s -- _ Rodrigo Morais Araujo [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] _ Be Free! Use Linux.
X with shadow-passwords
Could anybody help me? I can't start an X session as unprivileged user. Using xdm neither unprivileged-user or root can login Using startx just root can login I read in the LinuxFAQ that it might be due to use of non-shadow password programs (as startx, X, xinit, etc). Since I'm using shadow-password protection in my system, I think this could be the problem. Does anybody know what version of xfree86 has this shadow-password compatibility? Is there any chance I get my actual version (3.3.6) to work with shadow-password compatibility? I really appreciate any sugestion since I'm a newbie-Debian-user (Is this the reason why nobody answer my questions?, this is not the newbie mailing list I thought ) Thanks in advance. --- Este mensaje fue enviado mediante Web E-mail de MegaRed INTERNET POR CABLE http://www.megared.net.mx
Re: X with shadow-passwords
On Thu, Jul 20, 2000 at 05:13:12PM +, [EMAIL PROTECTED] wrote: Could anybody help me? I can't start an X session as unprivileged user. Using xdm neither unprivileged-user or root can login Using startx just root can login I read in the LinuxFAQ that it might be due to use of non-shadow password programs (as startx, X, xinit, etc). Since I'm using shadow-password protection in my system, I think this could be the problem. Does anybody know what version of xfree86 has this shadow-password compatibility? Is there any chance I get my actual version (3.3.6) to work with shadow-password compatibility? I really appreciate any sugestion since I'm a newbie-Debian-user (Is this the reason why nobody answer my questions?, this is not the newbie mailing list I thought ) X does not need to know anything about shadow passwords since libc handles all of that. Check this: # ls -l /etc/passwd /etc/shadow /usr/X11R6/bin/X -rw-r--r--1 root root 1686 Jun 14 01:59 /etc/passwd -rw-r-1 root shadow 1038 Jun 14 01:58 /etc/shadow -rwsr-sr-x1 root root11584 Jul 7 12:07 /usr/X11R6/bin/X Do you perms match these? Also, what is contained in /etc/X11/Xserver? Ben -- ---===-=-==-=---==-=-- / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \ ` [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- [EMAIL PROTECTED] ' `---=--===-=-=-=-===-==---=--=---'
Re: X with shadow-passwords
[EMAIL PROTECTED] wrote: ...I can't start an X session as unprivileged user. How are you attempting to start an X session? (Answers may be below, but I am confusing myself with the differences in syntax, so just to be clear...) What error messages are you getting? Try `startx startx.log` . Using xdm neither unprivileged-user or root can login Does xdm report something? Using startx just root can login What do you mean by can login? Start X? I read in the LinuxFAQ that it might be due to use of non-shadow password programs (as startx, X, xinit, etc). Since I'm using shadow-password protection in my system, I think this could be the problem. Not likely. And this reasoning doesn't get one to this conclusion: 1) non-shadaw pwd messes up X 2) I use shadow pwd 3) My X gets messed up. The syllogism is faulty. Look for the problem elsewhere. Does anybody know what version of xfree86 has this shadow-password compatibility? Is there any chance I get my actual version (3.3.6) to work with shadow-password compatibility? I use shadow passwords, and have no problems using X. I doubt that this is at fault here, really. I really appreciate any sugestion since I'm a newbie-Debian-user Oh, hey, we're glad to help, and when you can, you'll be glad to help others, right? (Is this the reason why nobody answer my questions?, this is not the newbie mailing list I thought ) This is the mailing list for Debian Users, to request give help, and to discuss the use of Debian, and related issues (just not _too_ off topic, please), whether one is a clueless newbie, or a (get ready for a phrase-coining) newless cluebie. I don't know why nobody answered your questions, but there may be various reasons: no X-perts available at the time of your previous posts, or, possibly, not understanding the nature of your problem, so skipping instead of delving into it. Response in not guaranteed, but has a fairly high probability. Este mensaje fue enviado mediante Web E-mail de MegaRed INTERNET POR CABLE http://www.megared.net.mx Solo de curiosidad, en qual cuidad o parte de Mexico vives? (Only out of curiousity, in which city or part of Mexico do you live?) -- [EMAIL PROTECTED] 972-729-5387 [EMAIL PROTECTED] (home phone on request) http://www.koyote.com/users/bolan RE: xmailtool http://www.koyote.com/users/bolan/xmailtool/index.html I am the ILOVEGNU signature virus. Just copy me to your signature. This email was infected under the terms of the GNU General Public License.
Re: Shadow passwords with SAMBA
On Fri, May 12, 2000 at 11:58:36AM +0800, Andrew McRobert wrote: hi all ... does anyone know the configure option to compile samba with shadow password support? (It's not listed on the samba.org site with all the other options). Can you even do this? I thought samba had its own password file? I used /usr/sbin/mksmbpasswd to create the password file samba uses, then set the sync option inthe config file. It basicly calls a script that runs passwd to set the system password to be the same as the samba passwd. Eventually I decided that having separate passwords was a better idea, and ultimately moved user accounts to ldap anyways. (the samba support for ldap isnt what it could be, but is functional for my needs) What version of samba are you trying to setup anyhow? Theres a few good books on the subject. The O'Reilly one has come in handy many times. -- Mental When in doubt, use brute force. --Ken Thompson (author of unix) PGP 2.6.3a Public Key: http://www.neverlight.com/Mental-PublicKey.pgp GPG 1.0.1 Public Key: http://www.neverlight.com/mental-gpg.asc pgpGLvSs0D56L.pgp Description: PGP signature
Shadow passwords with SAMBA
hi all ... does anyone know the configure option to compile samba with shadow password support? (It's not listed on the samba.org site with all the other options). thanks ANdrew - Andrew McRobert LLB B.Sc(Comp. Sci) IT Officer, School of Law MURDOCH UNIVERSITY Ph: 9360 6479 Fax: 9310 6671 e-mail: [EMAIL PROTECTED]
I screwed up w/ shadow passwords
Hello, I have on old 486 on which I installed debian (slink) (any excuse), but forgot my root password. So I went in and edited /etc/passwords, where there were 'x's fro the password fields. Then I changed the root password after deleting the 'x' in root's /etc/passwords entry. But now, the password only works under xdm login. Under console login, _no_ password is required. How do I fix this? Martin __ Get Your Private, Free Email at http://www.hotmail.com
Re: I screwed up w/ shadow passwords
Martin Waller wrote: Hello, I have on old 486 on which I installed debian (slink) (any excuse), but forgot my root password. So I went in and edited /etc/passwords, where there were 'x's fro the password fields. [...] How do I fix this? these 'x's are ther because you have shadow installed, so you need to delete rootpassword in /etc/shadow as you have done in passwd. set back password in passwd to the 'x'. that should work. you may take a look to manpages for shadow (man -k shadow), especially to pconv/pwunconv and shadowconfig to swithc between shadow/passwd support. gerhard
Re: I screwed up w/ shadow passwords
On Fri, Oct 15, 1999 at 02:06:05AM -0700, Martin Waller wrote: Hello, I have on old 486 on which I installed debian (slink) (any excuse), but forgot my root password. So I went in and edited /etc/passwords, where there were 'x's fro the password fields. Then I changed the root password after deleting the 'x' in root's /etc/passwords entry. But now, the password only works under xdm login. Under console login, _no_ password is required. How do I fix this? Put the x back. What you really need to do is simply run passwd as root. This wont require knowing the previous password. Ben
Re: Forgotten root password HELP using shadow passwords
Assuming you're not using shadow passwords, you'll need to boot from the Thanks for the reply. I am using shadow passwords. Does that mean I'm unable to do as you suggest? Patrick
Re: Forgotten root password HELP using shadow passwords
*- On 31 Aug, Patrick Kirk wrote about Re: Forgotten root password HELP using shadow passwords Assuming you're not using shadow passwords, you'll need to boot from the Thanks for the reply. I am using shadow passwords. Does that mean I'm unable to do as you suggest? In that case do the same procedure except modify etc/shadow and empty out the second field. -- Brian - Mechanical Engineering [EMAIL PROTECTED] Purdue University http://www.ecn.purdue.edu/~servis -
Re: Linux nis and shadow passwords, non Linux clients
Next problem: The net nis master runs slink. A slink client works after shadow has been configured and + added to /etc/shadow. A client runs partly potato, and does not work, i.e. it won't accept nis passwords. NIS itself appears to work, i.e. I can see the right owners of directories, the homedirs are right, etc. Any known incompatibilities between glibc2.1 and shadow nis? glibc2.0 and nis: at least the expire field is not copied into the right structure. so you always get -1 when reading the shadow password fields. this happends only when you are useing the compat mode. if you are useing shadow: files nis it works ok. if you don't need the extra features of shadow (expiry, password age etc.), don't use it. many programs do not honor these fileds anyway (e.g. login.app). andreas
Linux nis and shadow passwords, non Linux clients
I recently switched our nis master server from AIX to linux. There are still a number of AIX hosts that should be run as nis clients or nis slaves. How do non shadow password clients get the password entries? How do I make it on AIX which doesn't have shadow passwords but a similar mechanism using /etc/security/passwd with a syntax linke this: root: password = mYfasd/89ßsx # this is not the right one of course lastupdate = 829567557 flag = nextuser: Next problem: The net nis master runs slink. A slink client works after shadow has been configured and + added to /etc/shadow. A client runs partly potato, and does not work, i.e. it won't accept nis passwords. NIS itself appears to work, i.e. I can see the right owners of directories, the homedirs are right, etc. Any known incompatibilities between glibc2.1 and shadow nis? Nils -- Plug-and-Play is really nice, unfortunately it only works 50% of the time. To be specific the Plug almost always works.--unknown source pgpXEJnRtee2r.pgp Description: PGP signature
Re: Linux nis and shadow passwords, non Linux clients
Again following up on my own posts, sigh: On Thu, Apr 22, 1999 at 03:22:58PM +0200, Nils Rennebarth wrote: Next problem: The net nis master runs slink. A slink client works after shadow has been configured and + added to /etc/shadow. A client runs partly potato, and does not work, i.e. it won't accept nis passwords. NIS itself appears to work, i.e. I can see the right owners of directories, the homedirs are right, etc. Any known incompatibilities between glibc2.1 and shadow nis? Hrmm, deinstalling nis and installing it again worked. This is getting Windows like, except that reboots are not necessary. What should I do however for clients that do not have shadow passwords? Is there a way to give them a made up password file with entries from real passwd and shadow mixed? (security reasons aside) Nils -- Plug-and-Play is really nice, unfortunately it only works 50% of the time. To be specific the Plug almost always works.--unknown source pgp46YKJiRKiD.pgp Description: PGP signature
Re: Linux nis and shadow passwords, non Linux clients
Hmmm, perhaps you'll have to generate your own intermediate passwd file to generate the NIS maps. However, I would perhaps reconsider using shadow. Unless you're only serving up some (not root, etc.) passwords from NIS and have set up NIS to work this way there's no benefit to running shadow locally since NIS is 100% insecure (ie. it'll give up password entries to anyone on your network who asks). Nils Rennebarth wrote: Again following up on my own posts, sigh: On Thu, Apr 22, 1999 at 03:22:58PM +0200, Nils Rennebarth wrote: Next problem: The net nis master runs slink. A slink client works after shadow has been configured and + added to /etc/shadow. A client runs partly potato, and does not work, i.e. it won't accept nis passwords. NIS itself appears to work, i.e. I can see the right owners of directories, the homedirs are right, etc. Any known incompatibilities between glibc2.1 and shadow nis? Hrmm, deinstalling nis and installing it again worked. This is getting Windows like, except that reboots are not necessary. What should I do however for clients that do not have shadow passwords? Is there a way to give them a made up password file with entries from real passwd and shadow mixed? (security reasons aside) Nils -- Plug-and-Play is really nice, unfortunately it only works 50% of the time. To be specific the Plug almost always works.--unknown source Part 1.2Type: application/pgp-signature -- Jens B. Jorgensen [EMAIL PROTECTED]
Re: Linux nis and shadow passwords, non Linux clients
In article [EMAIL PROTECTED], Jens B. Jorgensen [EMAIL PROTECTED] wrote: Hmmm, perhaps you'll have to generate your own intermediate passwd file to generate the NIS maps. Ah yes, a possibility is to include the password in /etc/password, and then filter that out again for shadow-capable hosts using /etc/ypserv.conf However, I would perhaps reconsider using shadow. Unless you're only serving up some (not root, etc.) passwords from NIS and have set up NIS to work this way there's no benefit to running shadow locally since NIS is 100% insecure (ie. it'll give up password entries to anyone on your network who asks). Not true. If set up correctly, it will only serve shadow maps to requests originating from secure ports (eg 1023), which means a root process. Ofcourse that means you do have to trust all root users on your network. But turning off shadow is certainly the easiest solution (shadowconfig off). You can still have shadow-like security using /etc/ypserv.conf, a feature unique to to the Linux NIS server. Mike. -- Indifference will certainly be the downfall of mankind, but who cares?
Re: Linux nis and shadow passwords, non Linux clients
Nils Rennebarth wrote: On Thu, Apr 22, 1999 at 10:01:53AM -0500, Jens B. Jorgensen wrote: Hmmm, perhaps you'll have to generate your own intermediate passwd file to generate the NIS maps. However, I would perhaps reconsider using shadow. Unless you're only serving up some (not root, etc.) passwords from NIS and have set up NIS to work this way there's no benefit to running shadow locally since NIS is 100% insecure (ie. it'll give up password entries to anyone on your network who asks). What I'm worrying about is that a remote cracker guesses a local password then logs in on our server and snatches the passwd file to crack the root account (not that root has a password that I expect someone to crack, but who knows..) The way it runs currenty, a remote user has to crack a local root account, to ask for the encrypted passwords. And yes, I do only serve user passwords id 100 by NIS. Understood. Actually, I do something similar: we use NIS behind the firewall but the firewall machine itself is an NIS client. In our situation things were a little backwards though because we had a Sun serving up the NIS maps and linux boxen as clients. The sun supports shadow but shadow maps are only served through NIS+. Unfortunately, NIS+ support is just now coming together in Linux. This is all academic though... So, whatcha need to do is customize your /var/yp/Makefile which builds the actual db files. If you open up your /var/yp/Makefile you'll find something like (snipped from my own file): passwd.byname: $(PASSWD) $(YPDIR)/Makefile @echo Updating [EMAIL PROTECTED] @$(UMASK); \ $(AWK) -F: '!/^[-+#]/ { if ($$1 != $$3 = $(MINUID) ) \ print $$1\t$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ [EMAIL PROTECTED](NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ passwd.byuid: $(PASSWD) $(YPDIR)/Makefile @echo Updating [EMAIL PROTECTED] @$(UMASK); \ $(AWK) -F: '!/^[-+#]/ { if ($$1 != $$3 = $(MINUID) ) \ print $$3\t$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ [EMAIL PROTECTED](NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ All we need to do is to pull the password field out of /etc/shadow and join it together with the rest of the data in /etc/passwd before putting it into the db file. We can easily do this using the join command so we modify the the above to: passwd.byname: $(PASSWD) $(SHADOW) $(YPDIR)/Makefile @echo Updating [EMAIL PROTECTED] @$(UMASK); \ /usr/bin/join -t : -j 1 -o 1.1 2.2 1.3 1.4 1.5 1.6 1.7 $(PASSWD) $(SHADOW) | \ $(AWK) -F: '!/^[-+#]/ { if ($$1 != $$3 = $(MINUID) ) \ print $$1\t$$0 }' | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ [EMAIL PROTECTED](NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ passwd.byuid: $(PASSWD) $(SHADOW) $(YPDIR)/Makefile @echo Updating [EMAIL PROTECTED] @$(UMASK); \ /usr/bin/join -t : -j 1 -o 1.1 2.2 1.3 1.4 1.5 1.6 1.7 $(PASSWD) $(SHADOW) | \ $(AWK) -F: '!/^[-+#]/ { if ($$1 != $$3 = $(MINUID) ) \ print $$3\t$$0 }' | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ [EMAIL PROTECTED](NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ I haven't tested the above (except for the join command itself) but I believe it'll do just exactly right. -- Jens B. Jorgensen [EMAIL PROTECTED]
WU-FTP Shadow Passwords
I installed Debian 1.3.1 (kernel 2.0.29) on a machine Iintend to use a s a public FTP/Web server. When I ran the install program, I selected to enable Shadow passwords. I also installed the package WU-FTP as an alternative to the standard ftp daemon. NOW...real users cannot log in via FTP, and by visiting the WU-FTPD site I have deduced that it is due to shadow passwords. Attempte to compile my own version of WUFTPD have been highly unsuccessful. I am sure that there is a very simple solution to this, barring that, a work-around. Can someone please enlighten me? --Greg Dickinson www.vaderfor2000.org (not registered yet) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Xlock with shadow passwords
Hey guys, I recently lot a LOT of suid bit that slaughtered a lot of system functionality. I reinstalled xlock via package.. or at least i thought i did. It has perms 2755 xlock chowned to root.shadow. Problem is... for some odd reason the group shadow although it has suid (s)... cannot execute for non-root users. (chmod 2755 xlock may be better if shadow has group read for root group) How can I make the shadow group have read for root group? Thanks in advance. Carroll Kong -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Turn off shadow passwords...
How do I turn off shadow passwords? I'm still trying to get ppp working. Ive got shadow passwords enabled, and would like to try disabling that to see if it makes a difference TIA!! Steve -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Turn off shadow passwords...
On Sun, 18 Jan 1998, Steve Morrill wrote: How do I turn off shadow passwords? I'm still trying to get ppp working. Ive got shadow passwords enabled, and would like to try disabling that to see if it makes a difference shadowconfig off Brandon - Brandon Mitchell [EMAIL PROTECTED] We all know linux is great... it PGP: finger -l [EMAIL PROTECTED] does infinite loops in 5 seconds Phone: (757) 221-4847 --Linus Torvalds -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Turn off shadow passwords...
How do I turn off shadow passwords? I'm still trying to get ppp working. Ive got shadow passwords enabled, and would like to try disabling that to see if it makes a difference shadowconfig off -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: PAP - Shadow passwords may also make a difference
I had this problem; PAP just didn't damn well work. For me, the fix was to add the following to pap-secrets: # magic fix * * * Someone on one of the linux mailing lists suggested it; it seems to be otherwise undocumented, although certainly not unimportant. Shadow passwords may also make a difference. I'm not using them here; I think last time I tried them (on ppp 2.2) I couldn't login with PAP any more either. is that true? __ IT -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: PAP - Shadow passwords may also make a difference
Hello all: I have adjusted by pap-secrets file as follows: #magic fix * * not # magic fix * * * I have tested with and without shadow passwords and all works fine. I think the trick is in the /etc/mgetty/login.config. I had to specify login in the AutoPPP line. OR perhaps its some other little setting I am over looking. For example. in my /etc/ppp/ options.ttyS0 options.ttyS1 options.ttyC0 . I specify the following: *** options.ttyS0 file *** moose:moose-s0 not moose-s0:mooseas indicated in the example *** options.ttyS1 file *** moose:moose-s1 not moose-s1:mooseas indicated in the example In my /etc/hosts file I give the indicated nodes IP addresses. ie: 142.154.27.2moose--- multiport server 142.154.27.10 moose-s0 142.154.27.11 moose-s1 Peter -Original Message- From: Irmund Thum [EMAIL PROTECTED] To: debian-user@lists.debian.org debian-user@lists.debian.org Date: Thursday, January 15, 1998 7:15 AM Subject: Re: PAP - Shadow passwords may also make a difference I had this problem; PAP just didn't damn well work. For me, the fix was to add the following to pap-secrets: # magic fix * * * Someone on one of the linux mailing lists suggested it; it seems to be otherwise undocumented, although certainly not unimportant. Shadow passwords may also make a difference. I'm not using them here; I think last time I tried them (on ppp 2.2) I couldn't login with PAP any more either. is that true? __ IT -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] . -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
IRCD daemon and Shadow passwords
I've pulled my password from /etc/shadow and put in the O: field in /etc/ircd/ircd.conf. I still get invallid password when I do /oper cowboy x I tried SUID/root, but ps -aux still shows ircd running as irc?!? What am I missing? Richard Nelson -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
wu-ftpd and Shadow Passwords
Greetings, Does the compiled version of wu-ftpd have support for shadow passwords. For some reason, as soon as anyone tries to log in (not anonymous) it says there are too many users and dumps you. I recently switched to shadow passwords and didn't know if there was a known problem. Also, I noticed the shadow file had a different group then root and I changed it ... perhaps that had something to do with it but I forgot what the group was. Any help out there? Thanks, -- Tim -- Timothy G. Wells Good News Internet Services E-Mail: [EMAIL PROTECTED] Phone: 513-662-4443 Web: www.goodnews.net FAX: 513-662-8461 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: wu-ftpd and Shadow Passwords
On Wed, 1 Oct 1997, Timothy G. Wells wrote: I recently switched to shadow passwords and didn't know if there was a known problem. Also, I noticed the shadow file had a different group then root and I changed it ... perhaps that had something to do with it but I forgot what the group was. The group is shadow with read access only. Brandon - Brandon Mitchell E-mail: [EMAIL PROTECTED] Homepage: http://www.geocities.com/SiliconValley/7877/home.html PGP: finger -l [EMAIL PROTECTED] We all know Linux is great...it does infinite loops in 5 seconds. --Linus Torvalds -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: wu-ftpd and Shadow Passwords
Greetings, Does the compiled version of wu-ftpd have support for shadow passwords. For some reason, as soon as anyone tries to log in (not anonymous) it says there are too many users and dumps you. ii wu-ftpd 2.4-27 A powerful replacement for the standard ftpd Works OK for me (with shadow passwords switched on). This is on a computer wich I updated to unstable last friday. -- joost witteveen, [EMAIL PROTECTED] #!/usr/bin/perl -sp0777iX+d*lMLa^*lN%0]dsXx++lMlN/dsM0j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$kSK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) #what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
NIS maps for shadow passwords?
What is easiest way to enable NIS shadow map lookups for Debian 1.3.0? -- Sami Laine -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Shadow passwords under X...
Hi. I've been wrestling with X, just like everyone else it would seem. However, I've gotten it *almost* working. The trouble now seems to be related to shadow passwords. I have shadow passwords turned on, under Debian 1.3. However, the X login started automatically at boot does not recognize any of the valid userID/password combinations. My assumption is that X does not know about shadow passwords, and from my investigations it seems I may be correct. 1) Is there a setting to make it work? 2) If !1, then how do I turn off the automatic X boot-up so I can startx after logging on? Curt- [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Shadow passwords under X...
On Tue, 10 Jun 1997, Curt Howland wrote: the X login started automatically at boot does not recognize any of the valid userID/password combinations. My assumption is that X does not know about shadow passwords, and from my investigations it seems I may be correct. 1) Is there a setting to make it work? This is a problem with the order of installation. The work around is as follows: shadowconfig off shadowconfig on This will allow shadowconfig to notice that there is a shadow version of xdm (that wasn't installed at the previous time shadow was enabled) and install it in place of the shadow ignorant xdm. This is being fixed in the next release (1.3.1) but the work-around will get you the same product. (the new package will only deliver xdm-shadow as it works fine in a non-shadow system) Luck, Dwarf -- _-_-_-_-_-_- _-_-_-_-_-_-_- aka Dale Scheetz Phone: 1 (904) 656-9769 Flexible Software 11000 McCrackin Road e-mail: [EMAIL PROTECTED] Tallahassee, FL 32308 _-_-_-_-_-_- If you don't see what you want, just ask _-_-_-_-_-_-_- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Shadow passwords under X...
On Tue, 10 Jun 1997, Curt Howland wrote: I have shadow passwords turned on, under Debian 1.3. However, the X login started automatically at boot does not recognize any of the valid userID/password combinations. You're probably referring to the xdm login. My assumption is that X does not know about shadow passwords, and from my investigations it seems I may be correct. This is indeed correct. The problem is, that there is a separate xdm-shadow to handle shadow passwords. The bug is with xbase, which does not properly install xdm-shadow when you've enabled shadow passwords. If you first install xbase and then turn on shadow support, this problem does not arise. 1) Is there a setting to make it work? The solutions are: - change to the virtual console with Ctrl-Alt-F1, log in as root and type shadowconfig off but then you lose shadow support - change to the virtual console with Ctrl-Alt-F1, log in as root and type /etc/init.d/xdm stop # because you can't update it when it runs shadowconfig on # makes xdm xdm-shadow /etc/init.d/xdm start# if this were windows, you'd now reboot :-) - wait for the release of 1.3.1, which will have a fixed xbase. 2) If !1, then how do I turn off the automatic X boot-up so I can startx after logging on? man xdm. No, seriously, look in /etc/X11/config, you'll find the lines start-xdm xdm-start-server These lines were placed there by the xbase configure script when you answered yes to the question to run xdm. Anyway, comment those lines out with a # and xdm is gone. If you later decide that you want xdm back, you can always just uncomment them. When you have x running, be sure to install tkman. Makes reading manpages a lot more comfortable. Good luck, Joost -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Shadow passwords under X...
On Tue, 10 Jun 1997, Curt Howland wrote: Hi. I've been wrestling with X, just like everyone else it would seem. However, I've gotten it *almost* working. The trouble now seems to be related to shadow passwords. I have shadow passwords turned on, under Debian 1.3. However, the X login started automatically at boot does not recognize any of the valid userID/password combinations. My assumption is that X does not know about shadow passwords, and from my investigations it seems I may be correct. 1) Is there a setting to make it work? 2) If !1, then how do I turn off the automatic X boot-up so I can startx after logging on? I believe all you have to do is ctrl-alt-f1 to the first vc, log in as root and run shadowconfig off;shadowconfig on and you should be able to log if from xdm. HTH, Shaya -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Shadow passwords under X...
Many thanks, I made the change and will let the list know if it works or not. (I'm not local to the machine at this time) Curt- In reply to 10 Jun message from Brad Patterson [EMAIL PROTECTED]: Hello, I believe this problem occurs because the default xdm does not handle shadow passwords. But there should be a file called xdm-shadow in /usr/X11/bin which will do what you want. To run it during startup, try editing the xdm file in /etc/init.d. Change the line that reads start-stop-daemon --start --verbose --exec /usr/bin/X11/xdm to start-stop-daemon --start --verbose --exec /usr/bin/X11/xdm-shadow Best of luck. -Brad Message from Curt Howland ([EMAIL PROTECTED]): Hi. I've been wrestling with X, just like everyone else it would seem. However, I've gotten it *almost* working. The trouble now seems to be related to shadow passwords. I have shadow passwords turned on, under Debian 1.3. However, the X login started automatically at boot does not recognize any of the valid userID/password combinations. My assumption is that X does not know about shadow passwords, and from my investigations it seems I may be correct. 1) Is there a setting to make it work? 2) If !1, then how do I turn off the automatic X boot-up so I can startx after logging on? Curt- [EMAIL PROTECTED] --- Curt Howland [EMAIL PROTECTED] http://www.Priss.com The Probability Broach by L. Neil Smith ISBN:0-812-53875-7 Available from Laissez Faire Books http://www.lfb.org/ 1.800.326.0996 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
xlock and shadow passwords
Is there a version of xlock with shadow passwords? -- Karl M. Hegbloom [EMAIL PROTECTED] http://www.inetarena.com/~karlheg Portland, OR USA Debian GNU 1.2 Linux 2.0.29t You tell me and we'll both know. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: xlock and shadow passwords
On Apr 16, Karl M. Hegbloom wrote Is there a version of xlock with shadow passwords? Use xlockmore instead. It comes with a newmail binary which is aware of shadow passwords. It's quite nicer than the original xlock, too. Regards, Joey -- / Martin Schulze * Debian GNU/Linux Developer * [EMAIL PROTECTED] / / http://www.debian.org/ http://home.pages.de/~joey/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: xlock and shadow passwords
On Apr 17, Martin Schulze wrote Is there a version of xlock with shadow passwords? Use xlockmore instead. It comes with a newmail binary ^^^ Errr... I meant an xlock binary. Sorry, should go to bed... which is aware of shadow passwords. It's quite nicer than the original xlock, too. Regards, Joey -- / Martin Schulze * Debian GNU/Linux Developer * [EMAIL PROTECTED] / / http://www.debian.org/ http://home.pages.de/~joey/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Shadow Passwords
Hi, is there any way to use shadow-passwords on Debian 1.2? Thanks Stefan *-* Dipl. Ing. Stefan Walder (techn. Ang. in der EDV-Systemtechnik) Universitaetsstrasse 150 E-Mail: [EMAIL PROTECTED] Werkstofftechnik IA 2/47 Tel.: (0)49(0)234-700-5952 D-44780 Bochum Fax:(0)49(0)234-7094-104 *-* -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: Shadow Passwords
On Fri, 13 Dec 1996, Stefan Walder wrote: Hi, is there any way to use shadow-passwords on Debian 1.2? Thanks Stefan I'm using the shadow packages from project/experimental, and it works all right. There were two or three binaries I belive which didnt support it: imapd, xdm, and ssh. I don't need the first two, so I just recompiled sshd (got the source and ran debian/rules ) Greg Ps: there are other problems with shadow/ssh, such as ssh doesnt use /bin/login, so /etc/limits, and password aging doesnt work with ssh -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: Shadow Passwords
On Fri, 13 Dec 1996, Gergely Madarasz wrote: On Fri, 13 Dec 1996, Stefan Walder wrote: Hi, is there any way to use shadow-passwords on Debian 1.2? Thanks Stefan I'm using the shadow packages from project/experimental, and it works all right. There were two or three binaries I belive which didnt support it: imapd, xdm, and ssh. I don't need the first two, so I just recompiled sshd (got the source and ran debian/rules ) Greg Ps: there are other problems with shadow/ssh, such as ssh doesnt use /bin/login, so /etc/limits, and password aging doesnt work with ssh I don't know about the ssh and imapd problem but for xdm, the xbase pckg have an xdm-shadow binary. Two solutions: backup xdm and make a link from xdm-shadow to xdm, or change the /etc/init.d/xdm script to use xdm-shadow in place of xdm. And if security is your business, looks at os.inf.tu-dresden.de/pub/debian-non-US/ss* for sstelnet and sslayet though I don't try it enough to say if it work well... Fabien. --- Little Billy goes to the zoo: Looks mom! An elephant like those on the Web! --- Fabien Ninoles aka le Veneur|| Running Debian-Linux [EMAIL PROTECTED]|| Lover of MOO, mountains, http://www-edu.gel.usherb.ca/ninf01 || poetry and Freedom. --- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: shadow passwords
Bernard Leach writes: I am trying to locate a current set of packages that would upgrade a 1.1.7 system to use shadow passwords. The shadow packages are in project/experimental. Most packages in rex are already shadow aware. Also what is the Debian standpoint on shadow passwords? Will be included in 1.2. Michael -- Michael Meskes |_ __ [EMAIL PROTECTED] | / ___// / // / / __ \___ __ [EMAIL PROTECTED] | \__ \/ /_ / // /_/ /_/ / _ \/ ___/ ___/ [EMAIL PROTECTED]| ___/ / __/ /__ __/\__, / __/ / (__ ) Use Debian GNU/Linux!| //_/ /_/ //\___/_/ //
shadow passwords
I am trying to locate a current set of packages that would upgrade a 1.1.7 system to use shadow passwords. Could anyone point out where I might find the required packages? Also what is the Debian standpoint on shadow passwords? -- Bernard LeachLa Trobe Uni Melbourne Australia [EMAIL PROTECTED]http://www.cs.latrobe.edu.au/~leachbj/