IRC log for #ubuntu-us-ut on 20081017

01:34.49 *** join/#ubuntu-us-ut gunny (n=gunny@76.8.222.141)
01:58.46 *** join/#ubuntu-us-ut gunny1 (n=gunny@76.8.222.141)
01:59.04 *** part/#ubuntu-us-ut gunny1 (n=gunny@76.8.222.141)
02:01.06 *** join/#ubuntu-us-ut gunny (n=gunny@76.8.222.141)
02:28.15 *** join/#ubuntu-us-ut Claud-SLC (n=hot@166-70-187-9.ip.xmission.com)
02:37.57 *** part/#ubuntu-us-ut gunny (n=gunny@76.8.222.141)
03:30.35 <tonedevf> i opened up the cardboard sleeve of a printed ubuntu CD that someone gave me and out fell a business card for an Aaron Topance.  has anyone ever heard of this guy?
03:31.14 <tonedevf> i didn't realize eightyeight == atopance
03:31.33 <Zelut> tonedevf: hehe yeah
03:31.47 <Zelut> tonedevf: he and I stuffed our cards in all the CD shipments
03:31.48 <eightyeight> s/pance/ponce/
03:32.17 <tonedevf> Aaron Fancypance
03:32.22 <tonedevf> ; )
03:32.25 <tonedevf> sorry
03:32.29 <tonedevf> right on
03:32.34 <eightyeight> heh
03:32.34 <eightyeight> np
03:32.53 <tonedevf> so can i ask Zelut and eightyeight a question that's been buggin me for a while?
03:33.03 <eightyeight> sure
03:33.26 <Zelut> may not answer, but you can ask.
03:33.28 <tonedevf> without using a directory, how can i keep accounts and passwords synced across two systems?
03:33.53 <tonedevf> copying the entries in /etc/passwd and /etc/shadow doesn't work
03:34.08 <eightyeight> ldap?
03:34.16 <Zelut> eightyeight: without a directory server
03:34.32 <eightyeight> or is that the 'without a directory' clause?
03:34.34 <eightyeight> ahh
03:34.35 <tonedevf> but i'd like it to be that simple, if possible, even if it was slightly less secure.
03:34.49 <tonedevf> without a directory, right
03:35.04 <eightyeight> so, no directory, and no copying the /etc/passwd and /etc/shadow?
03:35.17 <Zelut> just two accounts? too hard to just create the two and be done?
03:35.23 <tonedevf> no no, i *can* copy the passwd / shadow files.
03:35.31 <tonedevf> what i meant was that doing so does not work
03:35.31 <Zelut> I can understand piles of accounts..
03:35.34 <tonedevf> ... in my testing
03:35.50 <eightyeight> oh. i see
03:35.51 <tonedevf> the account comes across but the password does not work
03:36.05 <tonedevf> ...and has to be reset
03:36.09 <eightyeight> yeah. the password won't. that's because a salt is getting in the way
03:36.20 <eightyeight> which is system-specific
03:36.26 <tonedevf> that's what i thought.  is there a way i can sync the salt on both boxes?
03:36.37 <tonedevf> where does that salt live?
03:36.50 <Zelut> at work we use a central hash when we create accounts so the passwords are all the same by default.
03:37.22 <tonedevf> that sounds like what i'm after, Zelut.  how do i pull that off?
03:37.28 <eightyeight> tonedevf: iirc, the salt is based on the timestamp of the computer, but don't take me to the bank on that
03:38.06 <tonedevf> 'timestamp of the computer'?  you mean like when the system was installed?
03:38.16 <eightyeight> no, like the current epoch
03:38.34 <eightyeight> same thing as a seed with random numbers
03:38.40 <tonedevf> how would that work?  that would mean the salt keeps changing
03:39.02 <eightyeight> again, don't take my word for it. i could be way off
03:39.07 <tonedevf> ...but the hash stored in shadow is constant, i thought
03:39.33 <eightyeight> tonedevf: create two accounts with the same password, and notice the hash. they're completely different
03:39.41 <tonedevf> i'm glad to know that my suspicion is at least in the ballpark.
03:40.08 <tonedevf> right
03:40.20 <eightyeight> maybe it's based on the name? same name provides the same hash?
03:40.34 <tonedevf> the host name?
03:40.55 <eightyeight> hmm. can't create users with the same name
03:41.03 <tonedevf> what Zelut described is what i'm after.  i've heard from xmission employees that they do something similar too
03:41.31 <tonedevf> ...meaning xmission doesn't use a directory internally for their staff accounts
03:41.32 <eightyeight> Zelut: i'm intrigued as well
03:42.39 <Zelut> one min
03:45.48 * eightyeight hits the sack. it's midnight where he's at
03:47.40 <tonedevf> gnight eightyeight
04:50.47 *** join/#ubuntu-us-ut |phoenyx| (n=|phoenyx@97-117-67-119.slkc.qwest.net)
04:53.34 <tonedevf> i'm heading to bed myself, Zelut.  I won't let you off the hook though ; )  Thanks in advance and sleep well.
10:27.45 *** join/#ubuntu-us-ut whiteinge (n=whiteing@166-70-191-39.ip.xmission.com)
14:00.03 *** join/#ubuntu-us-ut thaddeusq (n=thaddeus@216.49.181.128)
14:38.53 <eightyeight> http://usshop.ubuntu.com
14:40.39 *** mode/#ubuntu-us-ut [+o eightyeight] by ChanServ
14:40.41 *** topic/#ubuntu-us-ut by eightyeight -> http://utah.ubuntu-us.org | Next Meeting: Nov 8th - Release Party | Dec 13th Meeting - Beginning to Advanced Irssi - eightyeight | http://usshop.ubuntu.com
14:40.44 *** mode/#ubuntu-us-ut [-o eightyeight] by ChanServ
14:49.01 *** join/#ubuntu-us-ut Yorokobi (n=Colby@unaffiliated/yorokobi)
14:51.56 <eightyeight> synic: nameservers added
15:07.17 <Zelut> eightyeight: tonedevf: this is how I do it
15:07.54 <Zelut> useradd -p 'INSERT HASH HERE'
15:08.21 <Zelut> we have a central list of accounts + hashes, and when someone needs an account on a new box we useradd -p 'THEIRHASH'
15:08.34 <Zelut> now, these are on RHEL/CentOS so YMMV
15:08.50 <eightyeight> where do you get the hash?
15:09.46 <Zelut> copied from the /etc/passwd upon first creation of the account.
15:10.16 <Zelut> so you should be able to copy/paste your current hash on one machine, create a user on a second machine and use the same hash
15:10.17 *** join/#ubuntu-us-ut undertakingyou (n=will@undertakingyou.dsl.xmission.com)
15:10.22 <eightyeight> ahh
15:10.56 <tonedevf> do you mean grab the hash from the /etc/shadow?
15:11.06 <Zelut> yeah, that's what I meant.
15:11.18 <tonedevf> interesting
15:12.02 <Zelut> now useradd and adduser work differently on ubuntu vs RHEL so it may require some tweaking.
15:12.47 <tonedevf> useradd is the script on top of adduser, or the other way around?
15:13.11 <Zelut> on ubuntu useradd doesn't do everything adduser does
15:13.40 <Zelut> it's still possible, you'll just need to use more of the - options.  ie; create home folder, group, shell assignment, etc.
15:18.33 <eightyeight> on ubuntu, useradd just adds you to /etc/passwd
15:19.54 <eightyeight> adduser, however, creates your home folder, copies everything from /etc/skel/ to your home folder, sets the appropriate owner, group and permissions on your home folder, creates your user private group, adds you to your group, adds you to /etc/shadow, and /etc/gshadow
15:25.08 *** join/#ubuntu-us-ut |phoenyx| (n=|phoenyx@70.102.172.126)
15:29.27 <tonedevf> good to know
15:30.00 <tonedevf> in the /etc/shadow file, is "$1$" part of the hash?  and does the hash include everything up to the next ":"?
15:30.21 <eightyeight> that tells who what made the hash. in that case, md5
15:31.47 <tonedevf> so everything AFTER the second $ and before the next : ?
15:32.45 <eightyeight> yes
15:32.54 <eightyeight> actually
15:33.22 <eightyeight> between $ and the ., i believe is the salt, or describes it, or somehow related
15:33.27 <eightyeight> then after the . is your hash
15:35.19 <tonedevf> i don't see any .,    not all the entries even have a .
15:35.47 <eightyeight> you don't have anything like:
15:36.02 <eightyeight> $1$oA0..Hm6$HRtOpXQU9PetTW7uQ2lvI1
15:36.09 <eightyeight> s/.././
15:36.20 <eightyeight> between the first : and second :
15:36.33 <eightyeight> oh. heh
15:36.42 <eightyeight> no '.' next $
15:36.58 <eightyeight> $1$oA0.Hm6$
15:37.30 <eightyeight> :$ hash-type $ salt-something-or-other $ hashed password :
15:37.49 <tonedevf> okay, that looks more like what i'm seeing
15:38.20 <tonedevf> so again, it's not JUST the hash that needs to be the same, but the salt does too, right?
15:38.42 <eightyeight> dunno. i'd like to study that, to know for sure
15:39.03 <eightyeight> actually, now that i think about it, yes. you would need the salt
15:39.43 <eightyeight> and that's why hashes change, because the salt changes, but it's listed there in the /etc/shadow file, so we apply the hash-algorithm with their listed salt to produce the same hash every time
15:40.32 <tonedevf> which brings me back to ... why didn't it just work to copy the entry from one /etc/shadow to another?
15:40.45 <eightyeight> supported hash types?
15:40.59 * eightyeight googles
15:41.11 <tonedevf> i'm messing around with useradd -p and all it seems to be doing is inserting the string i provide into the /etc/shadow file between the 1st and 2nd :
15:41.35 <tonedevf> i'm seeing native account on both machines starting with $1$
15:44.27 <eightyeight> i guess there would be two things going through my mind, as to why it's not working
15:44.46 <eightyeight> first would be pam. is pam calling md5 or blowfish or something else to create the hash?
15:45.30 <eightyeight> second would be the structure of the salt, and if how it's used
15:46.05 <eightyeight> i know that opensuse 11 uses blowfish on shadow passwords by default, whereas most the rest of the linux community is using md5
15:46.12 <eightyeight> but it's trivial to change pam to do any of them
15:48.43 <tonedevf> w3wt!!  it worked
15:49.28 <tonedevf> useradd -p 'everythingbetween1stand2ndcolon'
15:49.43 <Zelut> yeah that's the hash part.
15:49.49 <tonedevf> single quotes, of course.  including the hash type and salt is required
15:50.10 <tonedevf> it's more than the hash though, that's what threw me
15:50.33 <tonedevf> type$salt$hash, but i guess that makes more sense now that i understand it
15:50.39 <tonedevf> thanks, Zelut!
15:50.41 <eightyeight> i guess i should Use The Source Luke. i can't find anything on the google machine, showing me the hash types in the shadow password, including the salt
15:53.56 <eightyeight> ok, we were right.
15:54.01 <eightyeight> 1) generate a salt
15:54.14 <eightyeight> 2) hash the plain text password with the hashing algo and the salt
15:54.37 <eightyeight> 3) place all three in the form of $HASH$SALT$PASS
15:54.52 * tonedevf nods
15:55.52 <tonedevf> thanks for working through that with me.  amazing how long it took to find an answer... i guess most the time was spent finding the right question to ask.
15:56.41 <eightyeight> $1$ - MD5
15:56.46 <eightyeight> $2$ - blowfish
15:56.53 <eightyeight> $2a$ - blowfish
15:57.11 <eightyeight> $5$ or $6$ - SHA
16:00.32 <eightyeight> if $ $ $ is missing all together, then DES was used
16:02.48 <eightyeight> $5$ is sha256
16:02.53 <eightyeight> $6$ is sha512
16:04.44 <eightyeight> cool. that was fun
16:04.47 <eightyeight> thx tonedevf
16:13.31 <tonedevf> thank you, eightyeight ; )
16:13.43 <tonedevf> good info on the hashes, btw
16:18.42 <eightyeight> http://search.cpan.org/~zefram/Authen-Passphrase-0.005/lib/Authen/Passphrase.pm#CONSTRUCTORS
16:18.49 <eightyeight> sad that perl comes to the rescue. :)
16:19.11 <tonedevf> somehow that's not surprising though ; )
16:19.28 <eightyeight> http://people.redhat.com/drepper/SHA-crypt.txt describe 5 and 6
20:10.48 *** join/#ubuntu-us-ut thenetduck (n=tikiman@c-71-199-29-114.hsd1.ut.comcast.net)
20:10.53 <thenetduck> hey anyone in?
20:17.55 <thenetduck> can anyone answer some questions I have about full disk encryption?
20:42.56 <Heartsbane> what kinda questions
20:47.11 <thenetduck> hey Heartsbane ... ok I am going to install Hardy today (just got my computer back) and will have a / /home /opt partition
20:47.31 <thenetduck> I wanna be able to encrypt /home /tmp  and my swap
20:47.40 <thenetduck> should I encrypt everything?
20:48.02 <thenetduck> Also, will I be able to upgrade to 8.10 with ease without re-formatting everything?
20:50.42 <Heartsbane> I would encrypt everything... as far as updating... I have no idea
20:51.23 <Heartsbane> you might want to ask in #ubuntu+1
20:51.41 <Heartsbane> that is the intrepid ibex channel
20:52.15 <Heartsbane> but I think you will be fine
21:33.08 <Zelut> eightyeight: man I love how easy it is in openbox to create shortcuts
21:45.22 <thenetduck> do tell more ....
21:56.23 *** join/#ubuntu-us-ut Technoviking (n=mike@ubuntu/member/Technoviking)
22:29.45 *** join/#ubuntu-us-ut bigfox (n=bigfox@ecelab28.ece.utah.edu)
22:55.33 *** join/#ubuntu-us-ut |phoenyx|_ (n=|phoenyx@70.102.172.126)
23:45.02 *** part/#ubuntu-us-ut bigfox (n=bigfox@ecelab28.ece.utah.edu)
