Lost User Account Passwords

Thomas Cameron thomas.cameron at camerontech.com
Wed Feb 2 18:49:04 UTC 2005


----- Original Message ----- 
From: "Tim Alberts" <talberts at msiscales.com>
To: <fedora-list at redhat.com>
Sent: Wednesday, February 02, 2005 11:32 AM
Subject: Lost User Account Passwords


> I'm running apache on a FC3 linux box.  I'm trying to make user password
> control more available.  I know the passwd command to change user
> passwords.  My question is, if a user enters a password and they forget
> it, how can they get the password back out of the system without just
> re-entering a new one?
>
> Specifically, I'm using Linux-PAM with shadow passwords.  I don't want
> to give users root access.  I'm really trying to create a cgi/bash
> script that a user can enter their email address and it will email them
> there password.  Seems like a simple thing to do, but I haven't seen a
> command to retreive a current user password from Linux-PAM/shadow
> passwords.  I could use a MySQL database to keep track of this stuff,
> but I prefer to use the security that Linux already provides.  Plus,
> then I've got plain text passwords in a database or even if I encrypted
> them in the database, I have the passwords in two places and then
> there's the risk of them getting out of sink (however small a risk).

They really can't get their passwords back (at least not easily).  The best 
way to do it would be to have a script which generates a new password and 
mails it to them.  To generate quasi-random passwords I use a command like:

ps ax | md5sum | cut -c 1-8

Thomas 




More information about the fedora-list mailing list