[BusyBox] how does passwd work
Felix Domke
tmbinc at elitedvb.net
Fri Feb 25 17:39:55 UTC 2005
Ralph Siemsen wrote:
> If the code is to be at all portable, assumptions like this should not
> be made. The password might be DES with salt, might be md5, might be
> stored in /etc/shadow and instead of /etc/password, etc.
> A relatively painless way to handle setting the password from a script
> is to make use of the passwd command - it will know the correct format
> on the system it runs on. I have used the following approach:
I've understanded the term "javascript" as he wants to "encrypt" (i.e.
hash) the password on client-side, avoiding to transfer the plaintext
password at all.
This can't be done in a portable way, you could transfer both md5 and
des and look for a portable method to store the result into the
corresponding file.
However, i suggest using a https server and do the stuff server-side, as
Ralph suggested. This would allow a malicious administrator to view the
password (by hacking the CGI), but would be secure otherwise.
I remember using a tool which was able to receive
"username:password"-strings on stdin, which shipped with an old SuSE
Linux. However, i wasn't able to either remember it's name nor to find
something similiar on my system. It was quite useful, dunno however if
busybox support something like this.
Felix
More information about the busybox
mailing list