1

I'm trying to create an initial user in my postgresql database on deployment. Apparently I need to generate a pbkdf2:sha1 key of the password that I want for the user.

For example, say I wanted to add an admin account with username "admin" and password "admin" I would need to hash the password "admin" before inserting it into the table I believe.

Can anyone tell me how I might do this in bash, for example, I tried something along these lines but it didn't seem to work:

ADMIN_PASSWORD=admin
openssl dgst -sha1 -hmac "$ADMIN_PASSWORD"

EDIT: This is a password for postgres database, that's why it needs to be hashed before it can be inserted. I want to achieve this hashing in bash and not python.

Improve this question
8
  • Problem unclear. Who receive the submitted data and read the data in DB in order to have a verify it's a good or bad login? Commented Mar 15, 2015 at 12:52
  • python -c "from werkzeug.security import generate_password_hash; print generate_password_hash("password")" I'm using python to hash the password but I want to do it in bash Commented Mar 15, 2015 at 12:54
  • Then why not make this line of python to be a script file and run it in bash? Commented Mar 15, 2015 at 12:56
  • It seems bash is able to complete the task, so I am hoping to be able to achieve the same result in bash Commented Mar 15, 2015 at 12:59
  • I don't see the difference between using openssl or using python :) Besides, the generate_password_hash in werkzeug is specific for itself use (e.g. How many iterations) I think. So If you want to generate passwd for werkzeug, you should use the python code. Commented Mar 15, 2015 at 13:09

3 Answers 3

Reset to default
1
+100

Input should be passed through stdin. Do this:

ADMIN_PASSWORD=admin
echo -n "${ADMIN_PASSWORD}" | openssl dgst -sha1 -hmac

And you will get output

d033e22ae348aeb5660fc2140aec35850c4da997

on stdout. If you'd rather save it to a variable to be referenced later, do

ADMIN_PASSWORD=admin
SHA1SUM=$(echo "${ADMIN_PASSWORD}" | openssl dgst -sha1 -hmac)

And later refer to the hash as ${SHA1SUM}.

Note: curly braces in ${ADMIN_PASSWORD} and ${SHA1SUM} are optional.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Since this is a one-off task, the hash value will never change - it's a constant, so code it that way:

discover what hash your applicatiin would create for the "admin" user with a password of "admin", and hard-code it into your bash script.

Improve this answer

1 Comment

Thank you for the input. In this case, the password will be generated randomly as part of the script and then needs hashing, so whilst your idea is a good one, I do need it to be dynamic.
1

Why won't you have PostgreSQL generate the hash for you? The functions crypt() and gen_salt() come with some examples, see the documentation.

Improve this answer

3 Comments

Thank you for the reply. I'm not trying to create a user for postgres though, im trying to insert an inital database entry into my database to be used by my application for a front-end login.
Ah, I see. But this is what you asked: "I'm trying to create an initial user in my postgresql database on deployment". You may want to add "for my application" or something similar, even though the two others seem to have understood you right away. What kind of software (PHP, Python,...) does your web application use?
@Jimmy: Answer edited with link to crypt()/gen_salt() examples. I don't know how your app does the authentication, but that is how PostgreSQL supports both auth. and pw change.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.