-
Password Serving Unix/C Program
I'm looking for a C program compilable on Unix systems that serves
passwords.
A lot of places have something like this. I just don't have the time/
resources to rewrite one from scratch.
The C program should be setuid so it can read a secured file in a set
location.
It should take up to two arguments - the name of a server and a user
login id (which can default to sa if not supplied). It should then
check the secured file to check that the invoking user has permission
to receive the required password. It then either returns the desired
password via stdout or nothing if the user doesn't have the right
privileges (ie no entry in the password file). Encrypted passwords
would be even better but then I'd also need a program to generate
them.
This is obviously so that I can call it from shell scripts without
embedding passwords in the scripts themselves. Ie -
PASSWORD=`/path/to/get_passwd "$SERVER" "$USER"`
[ "$PASSWORD" ] || {
    echo "Unable to find password for $USER on server $SERVER"
    exit 1
}
Does anybody have one they are willing to share?
Dean
-
Re: Password Serving Unix/C Program
since your script is shell you could just do it directly in
shell...
example 1, define your user/pass/server variables in your
".profile"
then in your shell script execute ". ${HOME}/.profile" to
set the variables
then access the variables in your shell script...
-S$SRV -U$USR -P$PSWD
-or-
example 2, put variables in files and cat them out in your
shell script, i.e. `cat /home/username/myfile.txt`
Just make sure you chmod 700 myfile.txt so only that user
can read the file
> I'm looking for a C program compilable on Unix systems
> that serves passwords.
>
> A lot of places have something like this. I just don't
> have the time/ resources to rewrite one from scratch.
>
> The C program should be setuid so it can read a secured
> file in a set location.
>
> It should take up to two arguments - the name of a server
> and a user login id (which can default to sa if not
> supplied). It should then check the secured file to check
> that the invoking user has permission to receive the
> required password. It then either returns the desired
> password via stdout or nothing if the user doesn't have
> the right privileges (ie no entry in the password file).
> Encrypted passwords would be even better but then I'd also
> need a program to generate them.
>
> This is obviously so that I can call it from shell scripts
> without embedding passwords in the scripts themselves. Ie
> -
>
> PASSWORD=`/path/to/get_passwd "$SERVER" "$USER"`
>
> [ "$PASSWORD" ] || {
>     echo "Unable to find password for $USER on server $SERVER"
>     exit 1
> }
>
> Does anybody have one they are willing to share?
>
> Dean
>
-
Re: Password Serving Unix/C Program
On Apr 5, 1:59 am, JR wrote:
> since your script is shell you could just do it directly in
> shell...
>
> example 1, define your user/pass/server variables in your
> ".profile"
>
> then in your shell script execute ". ${HOME}/.profile" to
> set the variables
>
> then access the variables in your shell script...
> -S$SRV -U$USR -P$PSWD
>
> -or-
>
> example 2, put variables in files and cat them out in your
> shell script, i.e. `cat /home/username/myfile.txt`
>
> Just make sure you chmod 700 myfile.txt so only that user
> can read the file
Thank you for your reply but I don't see how it's any better than what
we're currently using. It's much the same actually.
I'm trying to get away from using scripts. Modifying or
maintaining .profiles is also a pain when you have lots of users.
Currently, all the existing scripts we have do your second suggestion.
However, the password file is owned by the "sybase" account, so
everyone has to su to run scripts.
A setuid script bypasses this and I can give it the same name without
breaking any of the existing scripts. It also allows me to have
different passwords for different accounts and servers. Currently
we're using the same password because the existing script can only
support one. I don't think this is very secure.
I've used the method I described (a compiled program) before at other
financial institutions so I was hoping someone who had one would be
willing to offer it.
But never mind, I'll write one myself.
Dean
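
The helper specified in the first post could look like this in C. This is an added example, not part of the thread and not any poster's code; the `caller:server:login:password` line format, the `ACL_FILE` placeholder path and the names `lookup_password` and `open_sample` are assumptions.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define ACL_FILE "/path/to/secured_file" /* placeholder; mode 0600, owned by the setuid user */
static const char SAMPLE[] = /* constructed; assumed format caller:server:login:password */
    "# comment\n"
    "dean:PROD1:sa:constructed-pw-1\n"
    "dean:TEST1:report:pw:with:colons\n"
    "jr:TEST1:sa:constructed-pw-3\n";

/* Copy the password to out and return 0 only on an exact caller/server/login match. */
int lookup_password(FILE *fp, const char *caller, const char *server,
                    const char *login, char *out, size_t outlen)
{
    char line[512];
    while (fgets(line, sizeof line, fp)) {
        char *f[3], *p = line;
        int c, n = 0, cut = !strchr(line, '\n') && !feof(fp); /* line longer than buffer */
        while (cut && (c = fgetc(fp)) != EOF && c != '\n') {}  /* drain the rest of it */
        line[strcspn(line, "\r\n")] = '\0';
        /* split off three fields; p is left at the password, which may contain ':' */
        for (; n < 3 && (f[n] = p, p = strchr(p, ':')) != NULL; n++) *p++ = '\0';
        if (cut || n < 3 || line[0] == '#') continue; /* overlong, malformed or comment */
        if (strcmp(f[0], caller) || strcmp(f[1], server) || strcmp(f[2], login)) continue;
        if (strlen(p) >= outlen) return -1;           /* refuse to truncate */
        strcpy(out, p);
        return 0;
    }
    return -1;
}

FILE *open_sample(void) /* constructed sample in an anonymous temp file, for offline runs */
{
    FILE *fp = tmpfile();
    if (fp && fputs(SAMPLE, fp) != EOF) rewind(fp);
    return fp;
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwuid(getuid()); /* real uid: the invoking user, not the file owner */
    FILE *fp = fopen(ACL_FILE, "r");        /* succeeds only through the setuid effective uid */
    char pass[128];
    if (argc < 2 || argc > 3 || !pw || !fp ||
        lookup_password(fp, pw->pw_name, argv[1], argc == 3 ? argv[2] : "sa", pass, sizeof pass))
        return 1;                           /* no entry: print nothing */
    return puts(pass) == EOF;
}
```

The caller's identity comes from `getuid()` rather than from `$USER` or an argument, because the environment and argv are controlled by whoever runs the binary.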