NSLU2-Linux

SlugOS, and possibly other distros, stores weak crypt hashes of passwords in /etc/passwd, which is bad for security. While tinylogin may or may not be compiled with support for stronger password hashes, it is possible to move the weak password hashes to /etc/shadow, which is normally not readable by ordinary users. The following script facilitates the process:

 #!/bin/sh
 echo This script generates a passwd and a shadow file for you, to migrate from a
 echo single passwd set-up to a passwd+shadow set-up. This is especially
 echo desirable if you still have crypted passwords instead of a stronger hash.
 echo ' '

 NOWSECONDS=`/bin/date '+%s'`

 NOWDAY=$(( $NOWSECONDS / 86400 ))

 if test $NOWDAY -lt 13000 ; then
   echo ERROR: bad day count since 1970: $NOWDAY, either /bin/date is defective
   echo or your system clock is wrong
   exit 1
 fi
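 #create new passwd
 # anchored at line start, and [^:]* so that an empty password field
 # cannot shift the match onto the UID/GID fields
 /bin/sed -r 's/^([^:]+:)[^:]*(:.*)/\1x\2/' </etc/passwd >passwd.new || { echo /bin/sed failed ; exit 1 ; }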
 chmod 644 passwd.new
 chown root:root passwd.new
 echo passwd.new has been generated in current directory.

 #create new shadow
 # also fix 'x' password entries to '*' password entries in shadow
 # restrictive umask so shadow.new is never world-readable, even before chmod
 umask 077
 /bin/sed -r 's/^([^:]+:[^:]*:).*/\1'$NOWDAY':0:99999:7:::/' </etc/passwd |
   /bin/sed -r 's/^([^:]+:)x(:.*)/\1*\2/' >shadow.new || { echo /bin/sed failed ; exit 1 ; }
 chmod 640 shadow.new
 chown root:shadow shadow.new
 echo shadow.new has been generated in current directory.


 echo ' '

 echo NOTE: please verify files against "'man 5 passwd'" and "'man 5 shadow'" before
 echo putting them in place.
 echo ' '
 echo NOTE: also try ssh root@localhost after putting them in place and before
 echo logging out.
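
The script's closing NOTE asks you to verify the generated files against passwd(5) and shadow(5); the check below does that mechanically. It is an added example, not part of the original page: the function names `check_migration` and `demo` and all sample account lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original script.
# check_migration PASSWD_FILE SHADOW_FILE
# Prints one line per problem found; returns 0 when both files look sane.
check_migration() {
    awk -F: '
        FILENAME == ARGV[1] {                 # passwd(5): exactly 7 fields
            if (NF != 7)   { print "passwd: " $1 ": " NF " fields, expected 7"; bad = 1 }
            if ($2 != "x") { print "passwd: " $1 ": password field is not x"; bad = 1 }
            if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/) { print "passwd: " $1 ": UID/GID not numeric"; bad = 1 }
            if ($1 in pw)  { print "passwd: " $1 ": duplicate account"; bad = 1 }
            pw[$1] = 1
            next
        }
        {                                     # shadow(5): exactly 9 fields
            if (NF != 9)          { print "shadow: " $1 ": " NF " fields, expected 9"; bad = 1 }
            if (!($1 in pw))      { print "shadow: " $1 ": no such account in passwd"; bad = 1 }
            if ($2 == "" || $2 == "x") { print "shadow: " $1 ": empty or placeholder password field"; bad = 1 }
            if ($3 !~ /^[0-9]+$/) { print "shadow: " $1 ": last-change day not numeric"; bad = 1 }
            shd[$1] = 1
        }
        END {
            for (u in pw) if (!(u in shd)) { print "shadow: " u ": entry missing"; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample data (not real accounts). The guest line in passwd.new has
# an empty password field and an "x" where the GID belongs, i.e. a shifted
# substitution; the guest line in shadow.new allows login without a password.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'guest::100:x:Guest:/home/guest:/bin/sh' >"$d/passwd.new"
    printf '%s\n' 'root:abCONSTRUCTED1:14000:0:99999:7:::' \
                  'guest::14000:0:99999:7:::' >"$d/shadow.new"
    check_migration "$d/passwd.new" "$d/shadow.new"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "problems found (expected for the constructed sample)"
```

On real output, run `check_migration passwd.new shadow.new` in the directory where the files were generated; an account reported with an empty shadow password field had no password in the original /etc/passwd either.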
Last edited by mamrein.
Originally by mamrein.
Page last modified on April 10, 2008, at 09:00 AM