Re: Lost User Account Passwords

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 2 Feb 2005, at 19:49, Thomas Cameron wrote:

----- Original Message ----- From: "Tim Alberts" <[email protected]>
To: <[email protected]>
Sent: Wednesday, February 02, 2005 11:32 AM
Subject: Lost User Account Passwords

I'm running apache on a FC3 linux box. I'm trying to make user password
control more available. I know the passwd command to change user
passwords. My question is, if a user enters a password and they forget
it, how can they get the password back out of the system without just
re-entering a new one?

Specifically, I'm using Linux-PAM with shadow passwords. I don't want
to give users root access. I'm really trying to create a cgi/bash
script that a user can enter their email address and it will email them
there password. Seems like a simple thing to do, but I haven't seen a
command to retreive a current user password from Linux-PAM/shadow
passwords. I could use a MySQL database to keep track of this stuff,
but I prefer to use the security that Linux already provides. Plus,
then I've got plain text passwords in a database or even if I encrypted
them in the database, I have the passwords in two places and then
there's the risk of them getting out of sink (however small a risk).

They really can't get their passwords back (at least not easily). The best way to do it would be to have a script which generates a new password and mails it to them. To generate quasi-random passwords I use a command like:

ps ax | md5sum | cut -c 1-8

Better yet...

dd if=/dev/urandom bs=1 count=32 | md5sum | cut -c1-8

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux