npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

ansible-bogus-linux-pwhash

v1.0.2

Published

A linux password hash value (for the password field in /etc/passwd or /etc/shadow) that is invalid (i.e. there is no correct input that could match this hash) but can be used with ansible without fuss.

Downloads

9

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mk-pmbmk-pmb

Keywords

ansiblebogusinvalidpasswordpassword hash

Readme

ansible-bogus-linux-pwhash

A linux password hash value (for the password field in /etc/passwd or /etc/shadow) that is invalid (i.e. there is no correct input that could match this hash) but can be used with ansible without fuss.

API

This module exports one string.

Why make a package for a static string?

  • To have a place for the documentation, to describe the idea behind it.
  • To have a place for distributing updates, in case it turns out later versions of ansible will have other criteria.
  • To have an issue tracker.
  • To have a place to run CI tests. (To be implemented; see open issues.)

The problem

I encountered a scenario where I want to configure a desktop user account that can not be used to login interactively or via SSH. (The login manager is configured to start a session for that user when appropriate, without password prompt.)

Inside that session, xscreensaver shall be able to lock the screen, and a custom event mechanism is set up to stop xscreensaver when appropriate. Unfortunately, when no password was set, xscreensaver would exit on any activity, with no password asked at all. I want the opposite effect: It asks for a password but no possible input can be correct.

Solution for Ubuntu

So I attempted a fake SHA-512 password hash: $6$fakesalt$bogus Any real password hash will be much longer, so there cannot be a password whose hash is literally bogus. This seems to work very well in Ubuntu, as expected.

Solution for Ubuntu and ansible

However, when using ansible 2.9.9, the user task to update that hash fails with

[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

when the hash is not exactly 86 characters long. So how about we use 86 characters, but include some that are not in the usual charset?

According to wikipedia, the charset used by crypt (CLI frontend: mkpasswd) is ., /, 0-9, A-Z, a-z, with no padding. Let's check:

$ mkpasswd --method=sha-512 qux fakesalt | tr 0-9A-Za-z ' '
$ $        $                                  /             /     /             .        .       .

Looks like WP is correct on that. Thus, no real password hash can contain =. Also = is a good candidate for the first character of the hash, because a hash based on the idea of Base64 probably won't use the Base64 padding character in its data charset.

Known issues

  • Needs more/better tests and docs.

 

License

ISC