[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password generator

To: suffocator@gmx.de
Subject: Re: password generator
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Fri, 3 Oct 2003 12:12:54 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <32146.1065125999@www55.gmx.net>
References: <32146.1065125999@www55.gmx.net>

suffocator@gmx.de writes:
> does anyone know how to automatically generate a password for 
> every user in a database?

# This is Larry Wall's password program, somewhat rewritten.  I couldn't
# find it on the net, and our version is rather Norwegian, but there
# is a 'goodenough' routine you can probably use.
# in http://ftp.se.kde.org/pub/security/tools/password/yppapasswd/.
require "passwd.pl";

my @passwd_chars =
    ('a'..'z', 'A'..'Z', 0..9, '-', '+', '?', '=', '*', '(', ')',
     '/', '&', '%', "\#", '"', '_', '!', ',', ';', '.', ':');
my (@passwd_salt) = ('.', '/', '0'..'9', 'a'..'z', 'A'..'Z');

sub make_passwd {
    my $pass;
    do {
	$pass = "";
	$pass .= $passwd_salt[rand(scalar(@passwd_salt))]
	    while length($pass) < 8;
    } while (! &passwd::goodenough($pass));
    return ($pass, crypt($pass,   $passwd_salt[rand(scalar(@passwd_salt))]
				. $passwd_salt[rand(scalar(@passwd_salt))]);
}

> another problem is that i need every password in plain text to send
> this initial password via email to every user...

You shouldn't.  E-mail is insecure, snoopers can pick up passwords you
send that way.  Besides, how will the users read their e-mail if they
need the new passwords - which they don't know yet - to log in?

-- 
Hallvard

Follow-Ups:
- Re: password generator
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: password generator
  - From: suffocator@gmx.de
- Re: password generator
  - From: Martin Lesser <admin-openldap@better-com.de>

References:
- password generator
  - From: suffocator@gmx.de

Prev by Date: Re: [?] Filter Question
Next by Date: objectclass question
Index(es):
- Chronological
- Thread