Passwords using $ are being changed to \$ on Linux Systems

  • 7017675
  • 06-Jun-2016
  • 07-Jun-2016


NetIQ Identity Manager 4.5


In the bi-directional fanout driver, when syncing a user's password from the ID Vault to a connected system, if the password contains an escapable character (such as $), the driver adds an escape character (backslash) to the connected system password.



Modify the and script. In both files, locate the following line:
     password=`IDMGETVAR PASSWORD`
and change it as follows:
     password=`IDMGETVAR PASSWORD internal`


Certain characters must be 'escaped' when they are evaluated in a scripting environment, so that malicious data cannot be sent to create a script "injection" scenario.  This means escapable characters, such as "$", have to be converted to use an escape character ("\$", as an example).  Otherwise the shell would interpret it as a shell variable and expand its value.


Reported to Engineering

Additional Information

Passwords do not go to the shell for evaluation.  They are passed, via stdin, directly to the internal utility that sets passwords.  Therefore, using the "internal" mode for passwords does not escape these characters and leaves them as-is.
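
The following sketch is an added example, not NetIQ driver code. It shows why an escaped value is only correct when a shell re-parses it, and why the same value arrives with literal backslashes when it is sent over stdin. `escape_for_shell` and `set_password_stdin` are hypothetical stand-ins for the driver's escaping and for the internal password utility; `IDMGETVAR` itself is not called.

```shell
#!/bin/sh
# Added illustration; none of this is NetIQ driver code.

# Constructed sample password containing the character from this article.
sample='Pa$HOME$w0rd'

# Hypothetical stand-in for escaped retrieval: backslash-escape the
# characters the shell treats specially inside double quotes.
escape_for_shell() {
    printf '%s' "$1" | sed 's/[\\$`"]/\\&/g'
}

# Hypothetical stand-in for a utility that reads the password on stdin.
# It returns exactly the bytes it receives; no shell parses them.
set_password_stdin() {
    cat
}

# Path 1: the escaped value is re-parsed by a shell. The parser removes
# the backslashes, so the original text comes back and nothing expands.
escaped_then_shell_eval() {
    eval "printf '%s' \"$(escape_for_shell "$1")\""
}

# Path 2 (the reported behaviour): the escaped value goes over stdin.
# Nothing removes the backslashes, so they become part of the password.
escaped_then_stdin() {
    escape_for_shell "$1" | set_password_stdin
}

# Path 3 (the fix): the unescaped value goes over stdin and arrives intact.
raw_then_stdin() {
    printf '%s' "$1" | set_password_stdin
}

printf 'escaped, shell-parsed : %s\n' "$(escaped_then_shell_eval "$sample")"
printf 'escaped, via stdin    : %s\n' "$(escaped_then_stdin "$sample")"
printf 'raw, via stdin        : %s\n' "$(raw_then_stdin "$sample")"
```

Only the second path changes the password, which matches the `\$` seen on the connected system.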