<p>Regarding password generation:</p>
<blockquote>
<h3><a href="http://www.gnu.org/s/libc/manual/html_node/crypt.html" rel="noreferrer">32.3 Encrypting Passwords</a></h3>
<ul>
<li><p>Function: char * <strong>crypt</strong> (<em>const char *key, const char *salt</em>)</p>
<p>The <code>crypt</code> function takes a password, <em>key</em>, as a string, and a <em>salt</em> character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a <em>key</em> that will produce that output is to guess values of <em>key</em> until the original value of <em>key</em> is found.</p>
<p>The <em>salt</em> parameter does two things. Firstly, it selects which algorithm is used, the MD5-based one or the DES-based one. Secondly, it makes life harder for someone trying to guess passwords against a file containing many passwords; without a <em>salt</em>, an intruder can make a guess, run <code>crypt</code> on it once, and compare the result with all the passwords. With a <em>salt</em>, the intruder must run <code>crypt</code> once for each different salt.</p>
<p>For the MD5-based algorithm, the <em>salt</em> should consist of the string <code>$1$</code>, followed by up to 8 characters, terminated by either another <code>$</code> or the end of the string. The result of crypt will be the <em>salt</em>, followed by a <code>$</code> if the salt didn't end with one, followed by 22 characters from the alphabet <code>./0-9A-Za-z</code>, up to 34 characters total. Every character in the <em>key</em> is significant.</p>
<p>For the DES-based algorithm, the <em>salt</em> should consist of two characters from the alphabet <code>./0-9A-Za-z</code>, and the result of <code>crypt</code> will be those two characters followed by 11 more from the same alphabet, 13 in total. Only the first 8 characters in the <em>key</em> are significant.</p>
<p>The MD5-based algorithm has no limit on the useful length of the password used, and is slightly more secure. It is therefore preferred over the DES-based algorithm.</p>
<p>When the user enters their password for the first time, the salt should be set to a new string which is reasonably random. To verify a password against the result of a previous call to crypt, pass the result of the previous call as the salt.</p></li>
</ul>
</blockquote>
<p>Depending on your system, there may also be Blowfish or SHA-2 family <code>crypt</code>s as well, and it's possible that the traditional DES may be disabled for security. PAM can add its own complications in here too.</p>
<pre>
ID  | Method
-------------------------------
1   | MD5 (Linux, BSD)
2a  | Blowfish (OpenBSD)
md5 | Sun MD5
5   | SHA-256 (Linux, since glibc 2.7)
6   | SHA-512 (Linux, since glibc 2.7)
</pre>
<p>That being said, the</p>
<pre>
root# useradd -d / -g users -p $(perl -e'print crypt("foo", "aa")') -M -N foo
user$ su - foo
Password: foo
foo$ ^D
root# userdel foo
</pre>
<p>works just fine on my system.</p>
<hr>
<p>Regarding the shell:</p>
<p><code>/sbin/nologin</code> is traditional for login-disabled users. You'll have to double-check your FTP daemon's configuration to see if that excludes them from FTP access.</p>
<hr>
<p>Regarding the disabled account:</p>
<p>As seen above, works for me, as expected if given a working password.</p>
<hr>
<p>About the other solution:</p>
<p>What don't you understand about the alternate solution? It seems very clear to me.</p>
<p>Just pipe "<code>username:password</code>" into "<code>chpasswd</code>".</p>
<hr>
<p>If you want FTP-only users, I would recommend using an FTP daemon that supports virtual users like <a href="http://www.glftpd.dk/" rel="noreferrer">glftpd</a>, <a href="http://www.pureftpd.org/" rel="noreferrer">Pure-FTPd</a>, <a href="http://www.proftpd.org/" rel="noreferrer">ProFTPD</a>, <a href="http://vsftpd.beasts.org/" rel="noreferrer">vsftpd</a>, ... actually it seems that all the common ones do. This way, an FTP account does not require a real system account.</p>
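<p>Added example (not part of the original answer): a small Python audit that classifies crypt-style password fields by the salt IDs in the table above and by the DES and MD5 formats described in the quoted manual, so DES entries such as the one produced by <code>crypt("foo", "aa")</code> can be found and rehashed. The sample entries are constructed with filler characters instead of real hashes, and the function names and verdict labels are this example's own assumptions.</p>

```python
import re

A = "[./0-9A-Za-z]"  # crypt output alphabet quoted in the manual excerpt
DES_RE = re.compile(rf"^{A}{{13}}$")  # 2 salt characters + 11 more, 13 in total
MD5_RE = re.compile(rf"^\$1\$[^$]{{0,8}}\$({A}){{22}}$")  # at most 34 characters
ID_RE = re.compile(r"^\$([0-9A-Za-z]+)\$")
# ID -> (method, verdict). IDs and methods come from the table in the answer;
# the verdict labels are this example's own policy (an assumption).
METHODS = {"1": ("MD5", "legacy"), "2a": ("Blowfish", "ok"),
           "md5": ("Sun MD5", "review"), "5": ("SHA-256", "ok"),
           "6": ("SHA-512", "ok")}

def classify(field):
    """Return (method, verdict) for one crypt-style password field."""
    if field == "":
        return ("none", "empty")       # no password set at all
    if field[0] in "!*":
        return ("none", "locked")      # not a hash: password login disabled
    if DES_RE.match(field):
        return ("DES", "weak")         # only the first 8 key characters count
    m = ID_RE.match(field)
    if not m or m.group(1) not in METHODS:
        return ("unknown", "review")
    if m.group(1) == "1" and not MD5_RE.match(field):
        return ("MD5", "malformed")    # salt over 8 characters or bad hash part
    return METHODS[m.group(1)]

def audit(lines):
    """Parse shadow-style 'user:field:...' lines; return entries needing action."""
    findings = []
    for line in lines:
        user, _, rest = line.partition(":")
        method, verdict = classify(rest.split(":")[0])
        if verdict not in ("ok", "locked"):
            findings.append((user, method, verdict))
    return findings

# Constructed sample: the hash bodies are filler characters, not real hashes.
SAMPLE = [
    "foo:aa" + "x" * 11 + ":15000:0:99999:7:::",
    "bar:$1$abcdefgh$" + "y" * 22 + ":15000:0:99999:7:::",
    "baz:$6$somesalt$" + "z" * 86 + ":15000:0:99999:7:::",
    "ftp:*:15000:0:99999:7:::",
    "old:$1$toolongsalt$" + "y" * 22 + ":15000:0:99999:7:::",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```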