On Wed, Mar 22, 2000 at 02:07:10AM -0800, Alexander Hvostov wrote:
> That's a bad idea because it defeats the purpose of the password being there
> to start with. You see, the password is ordinarily encrypted and kept under
> tight safeguards, to make it hard to figure out what it is. If you were to
> reset the password periodically, you would presumably have to store the
> password without it being encrypted, which personally gives me the willies
> because of its security implications, like someone being able to read your
> password...

Nope, as your next paragraph shows! :]

> However, it _is_ possible to copy the password, in its encrypted form, from
> a cron script, and copy it into its proper place in /etc/shadow. The problem
> with this is that it would need a parser of one sort or another -- probably
> a perl script. Ask someone else for this, but I still think it's a bad idea
> security wise.

You can do it with this

    perl -npi.bak -e 's/^root:[^:]*:/root:pants:/o' /etc/shadow

and stick that in a cron job. (Change "pants" to the *encrypted* password
you want, remembering to escape dodgy punctuation!)

Security-wise: It means there's one more place where the encrypted password
is stored, and the permissions on that could & should be tight.

Paranoia-wise: consider reading through all the rules in 'Crack' while
you're at it, and design a password to defeat them (plenty of punctuation,
numbers, mixed-case - better still, use 'pwgen') and use the encrypted form
as above.

HTH!

~Tim
--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
| The sun is melting over the hills,         | http://piglet.is.dreaming.org/
| All our roads are waiting / To be revealed | [EMAIL PROTECTED]
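
Added example (not part of the message above): a field-wise replacement in Python that avoids the escaping problem the message warns about, since crypt strings can contain `$` and `/`, which a perl substitution would interpret rather than copy. The function names, the sample entries and the hash value are constructed for illustration.

```python
import os
import tempfile

# Constructed sample in /etc/shadow layout; the hash is a placeholder, not a real crypt value.
SAMPLE = ("root:oldhash:11038:0:99999:7:::\n"
          "rooter:otherhash:11038:0:99999:7:::\n")
NEW_HASH = "$1$Ab/cD.ef$constructedPlaceholderHash"

def set_shadow_hash(shadow_text, user, new_hash):
    """Return shadow_text with the second field of user's entry set to new_hash."""
    if ":" in new_hash or "\n" in new_hash:
        raise ValueError("hash must not contain ':' or a newline")
    out, found = [], False
    for line in shadow_text.splitlines(keepends=True):
        body = line.rstrip("\n")
        fields = body.split(":")
        # Exact match on the name field, so "rooter" is not mistaken for "root".
        if len(fields) >= 2 and fields[0] == user:
            fields[1] = new_hash          # copied literally, nothing is interpreted
            line = ":".join(fields) + line[len(body):]
            found = True
        out.append(line)
    if not found:
        raise KeyError(user)
    return "".join(out)

def rewrite_file(path, user, new_hash):
    """Rewrite path via a temp file in the same directory, keeping mode and owner."""
    with open(path) as f:
        updated = set_shadow_hash(f.read(), user, new_hash)
    st = os.stat(path)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        # mkstemp creates the file 0600; copy the original's mode and owner onto it.
        os.fchmod(fd, st.st_mode & 0o7777)
        os.fchown(fd, st.st_uid, st.st_gid)
        with os.fdopen(fd, "w") as f:
            f.write(updated)
        os.replace(tmp, path)             # atomic: readers see old or new, never half
    except BaseException:
        os.unlink(tmp)
        raise
```

The script that holds the hash is the "one more place" the message mentions and needs the same tight permissions as /etc/shadow. The example takes no lock, so it should not run at the same time as passwd or vipw.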