Full Discussion: Shadow file password policy
Post 302458554 by zaxxon on Friday 1st of October 2010 05:18:49 AM
Maybe I should read what I copy and paste to its full length. I do not know other means they talk about or at least did not try any out - maybe another member of the forum can give you the answer or you just try out yourself some available to you.
Maybe using PAM and bypassing normal Unix login methods, idk.

To check the maximal value of a gid, I guess you take a look into your distribution's header files in /usr/include (I checked on a Debian Linux):
Code:
somebox:/usr/include/bits> grep -i gid typesizes.h
#define __GID_T_TYPE            __U32_TYPE
somebox:/usr/include/bits> grep __U32_TYPE types.h
#define __U32_TYPE              unsigned int
__STD_TYPE __U32_TYPE __socklen_t;

I am not totally sure but I think that is what defines the max for the gid in the system. On a 32-bit system this would be 2^32-1 ie. 4294967295 afaik.
Just out of curiosity - why do you need to know that?
 

PASSWD(5)                     File Formats Manual                     PASSWD(5)

NAME
       passwd, group, shadow - user and group databases, shadow passwords

SYNOPSIS
       /etc/passwd
       /etc/group
       /etc/shadow

DESCRIPTION
       /etc/passwd lists all the users of the system, and /etc/group lists
       all the groups the users may belong to. Both files also contain
       encrypted passwords, numeric ID's etc. Encrypted passwords may be
       hidden in the file /etc/shadow if extra protection is warranted.

       Each file is a text file containing one line per user or group. The
       data fields on a line are separated by colons. Each line in the
       password file has the following form:

              name:passwd:uid:gid:gecos:dir:shell

       The name field is the login name of a user, it is up to 8 letters or
       numbers long starting with a letter. The login name must be unique.
       The password field is either empty (no password), a 13 character
       encrypted password as returned by crypt(3), or a login name preceded
       by two number signs (#) to index the shadow password file. Anything
       else (usually *) is invalid. The uid and gid fields are two numbers
       indicating the user's user-id and group-id. These id's do not have to
       be unique, there may be more than one name with the same id's. The
       gecos field can be set by the user. It is expected to be a comma
       separated list of personal data where the first item is the full name
       of the user. The dir field is the path name of the user's home
       directory. Lastly the shell field is the path name of the user's login
       shell, it may be empty to indicate /bin/sh. A Minix specific extension
       allows the shell field to contain extra space separated arguments for
       the shell.

       Lines in the group file consist of four fields:

              name:passwd:gid:mem

       The name field is the name of the group, same restrictions as a login
       name. The passwd field may be used to let users change groups. The gid
       field is a number telling the group-id. The group-id is unique for a
       group. The mem field is a comma separated list of login names that are
       special members of the group. If a system supports supplementary group
       id's then a user's set of supplementary group id's is set to all the
       groups they are a member of. If a system allows one to change groups
       then one can change to a group one is a member of without using the
       group's password.

       The shadow password file has precisely the same form as the password
       file, except that only the name or passwd fields are used as yet. The
       other fields are zero or empty. A password in the password file may
       have the form ##user to indicate the entry user in the shadow password
       file. The password in this entry is then used for authentication of
       the user. The shadow file can only be read by the privileged utility
       pwdauth(8), so that the encrypted passwords in the shadow file are
       kept secret, and thus safe from a dictionary attack.

   Special password and group file entries
       There are several entries in the password and group files that are
       preallocated for current or future use. All id's less than 10 are
       reserved. The special password file entries are:

              root:##root:0:0:Big Brother:/usr/src:
              daemon:*:1:1:The Deuce:/etc:
              bin:##root:2:0:Binaries:/usr/src:
              uucp:*:5:5:UNIX to UNIX copy:/usr/spool/uucp:/usr/sbin/uucico
              news:*:6:6:Usenet news:/usr/spool/news:
              ftp:*:7:7:Anonymous FTP:/usr/ftp:
              nobody:*:9999:99::/tmp:
              ast:*:8:3:Andrew S. Tanenbaum:/usr/ast:

       The root id is of course the super user. The daemon id is used by some
       daemons. Some devices are protected so that only those daemons can
       access them. The bin id owns all sources and most binaries. The uucp,
       news and ftp id's are for serial line data transfer, usenet news, or
       ftp if so needed. The nobody id is used in those cases that a program
       may not have any privileges at all. The ast id is the honorary home
       directory for Andrew S. Tanenbaum, the creator of Minix. You can also
       find the initial contents for a new home directory there.

       The special group file entries are:

              operator:*:0:
              daemon:*:1:
              bin:*:2:
              other:*:3:
              tty:*:4:
              uucp:*:5:
              news:*:6:
              ftp:*:7:
              kmem:*:8:
              nogroup:*:99:

       Groups with the same name as special user id are used with those id's.
       The operator group is for the administrators of the system. Users in
       this group are granted special privileges. The other group is for
       ordinary users. The tty group is for terminal devices, and associated
       set-gid commands. Same thing with the kmem group and memory devices.

FILES
       /etc/passwd    The user database.
       /etc/group     The group database.
       /etc/shadow    The shadow password file.

SEE ALSO
       login(1), passwd(1), su(1), crypt(3), getpwent(3), getgrent(3),
       pwdauth(8).

NOTES
       The nobody and nogroup id's are likely to be renumbered to the highest
       possible id's once it is figured out what they are.

AUTHOR
       Kees J. Bot (kjb@cs.vu.nl)

                                                                      PASSWD(5)
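
Added example (not part of the original thread or of the manual page): a small audit of passwd-format lines that applies the password-field rules from the DESCRIPTION above. The function names, the finding labels, the guest, alice and toor lines and the set of shadow entry names are constructed for illustration; the root, daemon and bin lines are the manual's own.

```python
import re

# 13-character string over the traditional crypt(3) output alphabet
CRYPT13 = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Map a passwd-file password field to one of the cases in the man page."""
    if field == "":
        return "empty"      # no password: anyone can log in as this user
    if field.startswith("##") and len(field) > 2:
        return "shadow"     # ##name indexes the shadow password file
    if CRYPT13.fullmatch(field):
        return "hash"       # hash stored in the passwd file itself
    return "invalid"        # e.g. "*": matches no password, login disabled

def audit(passwd_text, shadow_names):
    """Return (finding, login name) pairs for entries that weaken authentication."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:            # name:passwd:uid:gid:gecos:dir:shell
            findings.append(("malformed", line))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        kind = classify(pw)
        if kind == "empty":
            findings.append(("empty-password", name))
        elif kind == "hash":            # exposed to dictionary attack, unlike shadow
            findings.append(("hash-in-passwd", name))
        elif kind == "shadow":
            target = pw[2:]
            if target not in shadow_names:
                findings.append(("dangling-shadow-ref", name))
            elif target != name:        # authenticates with another user's password
                findings.append(("shared-shadow-entry", name))
        if uid == "0" and name != "root":   # ids need not be unique, so check
            findings.append(("extra-uid0", name))
    return findings

# First three lines are from the man page; the last three are constructed.
SAMPLE_PASSWD = """\
root:##root:0:0:Big Brother:/usr/src:
daemon:*:1:1:The Deuce:/etc:
bin:##root:2:0:Binaries:/usr/src:
guest::20:3:Guest:/usr/guest:
alice:XXexamplehash:21:3:Alice:/usr/alice:
toor:##toor:0:0:Spare root:/usr/src:
"""
SAMPLE_SHADOW_NAMES = {"root"}          # constructed: names present in the shadow file

if __name__ == "__main__":
    for finding, who in audit(SAMPLE_PASSWD, SAMPLE_SHADOW_NAMES):
        print(f"{who}: {finding}")
```

On the manual's own entries the only finding is that bin authenticates through root's shadow entry, which is worth knowing when reviewing who can log in with the root password.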