Shell – Validate AIX Password for root from script

aixpasswordshell-script

Looking for a way in a shell script to validate the password for for root on an (AIX) matches a standardized plain text password. This query is similar to another one on this site. I have access to root and can compile a c Program if needed.
I have been abel to find standard libraries to do this for HP-UX and Linux. Now I am working on AIX and I have been hitting nothing but road blocks. I have been able to extract the salt and the hash and I know the plain text password. I am wanting to input the salt and password and get back the password hash so the I can compare it to what is stored on the server.

Best Answer

I'm not familiar with AIX, there may be a dedicated tool for that. This tool is likely to need to run as root, though.

Rather than code it yourself, I recommend using existing tools. Pass the password to su and test whether su succeeds. Note that you'll have to run su as root. Since su reads the password from the terminal, you'll need to use Expect to pass it.

Here's a script inspired from cluelessCoder's on a similar question on Stack Overflow. Note that this script needs to run as a non-root user, otherwise su will not prompt for a password.

#!/bin/sh
PASSWORD=swordfish

expect << EOF
spawn su -c exit
expect "Password:"
send "$PASSWORD\r"
set wait_result  [wait]

# check if it is an OS error or a return code from our command
#   index 2 should be -1 for OS erro, 0 for command return code
if {[lindex \$wait_result 2] == 0} {
        exit [lindex \$wait_result 3]
} 
else {
        exit 1 
}
EOF
if [ $? -eq 0 ]; then
  echo "The password is correct"
else
  echo "The password is wrong"
fi

If you have Perl, or if you want to use a C program, see this answer to a similar question which shows how to extract the password hash and compute a hash of the supplied password with the same salt, under Linux. You may need to adjust the hash extraction if your system uses the traditional DES scheme.

Related Question