Passwords using $ are being changed to \$ on Linux Systems

  • 7017675
  • 06-Jun-2016
  • 07-Jun-2016

Environment

NetIQ Identity Manager 4.5

Situation

In the bi-directional fanout driver, when a user's password is synced from the ID Vault to a connected system and the password contains an escapable character (such as $), an escape character (backslash) is added to the password set on the connected system.

Resolution

Work-Around:

Modify the modify-password.sh and add-user.sh scripts. In both files, locate the following line:
     password=`IDMGETVAR PASSWORD`
and change it as follows:
     password=`IDMGETVAR PASSWORD internal`


Cause

Certain characters must be 'escaped' when they are evaluated in a scripting environment, to prevent malicious data from creating a script "injection" scenario.  This means escapable characters, such as "$", have to be converted to use an escape character ("\$", as an example).  Otherwise the shell would interpret the "$" as the start of a shell variable and expand its value.


Status

Reported to Engineering

Additional Information

Passwords do not go to the shell for evaluation.  They are passed, via stdin, directly to the internal utility that sets passwords.  Using the "internal" mode for passwords therefore leaves these characters unescaped, so the password is passed as-is.
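
The following sketch is an added illustration, not code from the driver or from NetIQ. It shows why an escaped value is correct for text the shell evaluates again, but corrupts a password delivered over stdin. The helper names (get_escaped, get_internal, sink_shell_eval, sink_stdin) and the sample password are hypothetical stand-ins for the two retrieval modes and the two kinds of consumer.

```shell
#!/bin/sh
# Added illustration with constructed values. These helpers are hypothetical
# stand-ins, not the driver's IDMGETVAR or its password-setting utility.

# Stand-in for the default (escaped) retrieval: backslash-prefix the
# characters a shell treats specially inside double quotes.
get_escaped() {
    printf '%s' "$1" | sed 's/[\\$`"]/\\&/g'
}

# Stand-in for "internal" retrieval: the value is returned as-is.
get_internal() {
    printf '%s' "$1"
}

# Sink A: the value is spliced into text that the shell evaluates again.
# This is the case escaping exists for.
sink_shell_eval() {
    eval "printf '%s' \"$1\""
}

# Sink B: the value is read from stdin and never parsed by a shell,
# which is how the article says passwords reach the password utility.
sink_stdin() {
    printf '%s' "$1" | cat
}

demo() {
    pw='Sum$mer16'   # constructed sample password
    mer16=''         # make the accidental expansion of $mer16 deterministic
    printf 'escaped  -> shell eval: %s\n' "$(sink_shell_eval "$(get_escaped "$pw")")"
    printf 'internal -> shell eval: %s\n' "$(sink_shell_eval "$(get_internal "$pw")")"
    printf 'escaped  -> stdin     : %s\n' "$(sink_stdin "$(get_escaped "$pw")")"
    printf 'internal -> stdin     : %s\n' "$(sink_stdin "$(get_internal "$pw")")"
}

demo
```

Only the "escaped to shell eval" and "internal to stdin" rows reproduce the original password; "escaped to stdin" is the symptom described in this document.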