Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Shadow file password policy
Operating Systems Linux Red Hat Shadow file password policy Post 302458509 by pinga123 on Friday 1st of October 2010 03:04:13 AM
Old 10-01-2010
Shadow file password policy
Today i was going through some of security guides written on linux .

Under shadow file security following points were mentioned.

1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters.
2)Usernames in shadow file must satisfy to all the same rules as usernames in /etc/passwd.
3)password for application Username should display * if username is not locked.
4)If a user is locked it should be displayed as ! as the first character in second field of shadow file.

Confusion for point 1 and 2:
Now i m confused as why the encrypted password should be more than 14-25 characters.
Also what rules to satisfy How to check it?

Confusion for point 3 and 4:
There are lot of users with * as second field i guess they are not locked but according to 4th point there are lot of users with ! as first characters.
How would i check whether they are actually locked or not.

I m posting the output of /etc/shadow and /etc/passwd files for the account.

/etc/passwd
Quote:
admin:x:500:500::/home/admin:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
/etc/shadow

Quote:
admin:$1$YSmsjgr7$m3YjwsZNdQ/Z24QXGWj8O1:14879:0:99999:7:::
ntp:!!:14866:0:99999:7:::
mail:*:14866:0:99999:7:::
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

I want to append password in /etc/shadow file

Hi, I want to append password into /etc/shadow file using a shell script. My below script does add the users to both /etc/passwd and /etc/shadow but how can I add the hordcoded passwords to /etc/shadow file can some one help me ? # To add the groups into /etc/group file for a_user... (5 Replies)
Discussion started by: modgil
5 Replies

2. UNIX for Dummies Questions & Answers

shadow file after a password reset

hi, I had to reset a lost root password by editing the /etc/passwd and /etc/shadow files ( this is a xen vm file, so i mounted and chrooted the file ) after the reboot with an empty password on root , i have set a new password with passwd but it only changed the /etc/passwd file.... (0 Replies)
Discussion started by: progressdll
0 Replies

3. Solaris

Password Recovery From /etc/shadow file

Is it possible to reset a normal user password , by editing password field in /etc/shadow file? Thanks (6 Replies)
Discussion started by: ksvaisakh
6 Replies

4. Solaris

Password policy problem ??

Hi Solaris's expert I need to change user password on Solaris10 2 servers. With the same password I can change it just only one. Try to check everything but not found difference?? password pattern: abcdeFgh9Jk server1 check all characters but server2 check only first 8 characters.Why??... (10 Replies)
Discussion started by: arm_naja
10 Replies

5. Red Hat

NIS password policy

Hi, I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me. I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies

6. Solaris

password policy for new user

hi folk, i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters. # useradd testing # passwd testing New... (7 Replies)
Discussion started by: dehetoxic
7 Replies

7. Shell Programming and Scripting

how to remove the non : characters after the password in shadow file?

On SPARC Solaris 10. I set the app account so it's expired. I also want it so not required to change password at first login, I can do this by removing the numbers after the password in /etc/shadow. example using user1 The /etc/shadow file looks like this: user1:kOmcVXAImRTAY:0::::90:: ... (8 Replies)
Discussion started by: TKD
8 Replies

8. UNIX for Dummies Questions & Answers

Using the encrypted password of the shadow file

i have an application that uses the encrypted password that's in the /etc/shadow file. i copied the line for the particular username i was interested it in from shadow file and i pasted it into the password file of the application. the application is nagios. this application allowed that... (5 Replies)
Discussion started by: SkySmart
5 Replies

9. Ubuntu

Password Expiration Policy

Hello Team, I am using Lubuntu & have DRBL remote boot setup with open Ldap authentication. Currently there is no password expire policy. I want to set Password Policy so that user's password will expire after a month & they will get prompt to change their password. Using PAM we can do it,... (1 Reply)
Discussion started by: paragnehete
1 Replies

10. AIX

Password Policy

I need help. I have set a password policy. But I want to dis allow setting user name as password. My policy is as below... min length =8 min diff=2 min alpha=2 max repeats=2 dictionary= /usr/share/dict/words Still user can set his username as password (i.e. Jackie1234). Code tags for... (11 Replies)
Discussion started by: powerAIX
11 Replies

LEARN ABOUT DEBIAN

passwd

PASSWD(5)						   File Formats and Conversions 						 PASSWD(5)

NAME

       passwd - the password file

DESCRIPTION

       /etc/passwd contains one line for each user account, with seven fields delimited by colons (":"). These fields are:

       o   login name

       o   optional encrypted password

       o   numerical user ID

       o   numerical group ID

       o   user name or comment field

       o   user home directory

       o   optional user command interpreter

       The encrypted password field may be blank, in which case no password is required to authenticate as the specified login name. However, some
       applications which read the /etc/passwd file may decide not to permit any access at all if the password field is blank. If the password
       field is a lower-case "x", then the encrypted password is actually stored in the shadow(5) file instead; there must be a corresponding line
       in the /etc/shadow file, or else the user account is invalid. If the password field is any other string, then it will be treated as an
       encrypted password, as specified by crypt(3).

       The comment field is used by various system utilities, such as finger(1).

       The home directory field provides the name of the initial working directory. The login program uses this information to set the value of
       the $HOME environmental variable.

       The command interpreter field provides the name of the user's command language interpreter, or the name of the initial program to execute.
       The login program uses this information to set the value of the $SHELL environmental variable. If this field is empty, it defaults to the
       value /bin/sh.

FILES

       /etc/passwd
	   User account information.

       /etc/shadow
	   optional encrypted password file

       /etc/passwd-
	   Backup file for /etc/passwd.

	   Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools.

SEE ALSO

       crypt(3), getent(1), getpwnam(3), login(1), passwd(1), pwck(8), pwconv(8), pwunconv(8), shadow(5), su(1), sulogin(8).

shadow-utils 4.1.5.1						    05/25/2012								 PASSWD(5)
All times are GMT -4. The time now is 05:02 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy