[Tutor] something weird

Thu Dec 12 18:13:48 CET 2013

Hi

I've written the following small script to create SHA512 salted hash to
insert into /etc/shadow

#!/bin/env python

import sys, crypt, getpass

interactive="no"
wantedNumberArgs=2
minumumLength=8

argc=len(sys.argv)
if argc == wantedNumberArgs:
    password=str(sys.argv[1])
elif argc > wantedNumberArgs:
    print "too many aruguments (" + str((argc-1)) + ")"
    sys.exit(3)
else:
    password=getpass.getpass()
    interactive="yes"
passwordLength=len(password)
while passwordLength < minumumLength:
    if passwordLength == 1:
        ltr=""
    else:
        ltr="s"
    print "\npassword too short (only " + str(passwordLength)            \
        + " charachter" + ltr + ", minimum length is "
     \
        + str(minumumLength) + " charachters)"
    password=getpass.getpass()
    passwordLength=len(password)
if interactive=="yes":
    print "\npassword entered: " + password
else:
    print ""
print "password hash: " + crypt.crypt("password")

When I try to do su - [user] (after copying the hash into /etc/shadow) the
password accepted is 'password' even if the input for the script was:
passwOrd (upper case 'o') or passw0ord (zero instead of the letter 'o')

The script is run on a Redhat 6.3 with python:
Python 2.6.6 (r266:84292, Aug 28 2012, 10:55:56)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.

What is wrong with my script?

TIA
Paolo

PS - If my email isn't detailed enough and is missing needed information
juast ask for it...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20131212/255aa031/attachment.html>