AIX

hi to all, i have an AIX6.1 machine and i want to decrypt an ssha1 password written on /etc/security/passwd. the reason that i want to do that is because i have some complains about a few users that cannot login and receive the message for invalid login. i suspect that they are entering wrong password because i can see the unsuccessful_login_count attribute of their user to grow when they are entering the password. the problem is that all of them insist that they enter the correct password so i cannot prove that they do something wrong. i did a little search and i read about hashcat but i don't think i can install this on my machine cause the security department probably will not allow me to do this. if somebody knows a way to decrypt it then maybe can send me a private message. thank you

Whats wrong in initializing the password again?
If you suspect something wrong what is stopping you to create a new user, you enter the passwd and reconnect... if as you say is seem general then all accounts should be affected...
If these people connect from PCs are you sure they have not CAPSLOCK or NUMLOCK activated?
I have that problem a few times, and most times (99%!), because just before to go bezeurk I go see the folk, and ask them to show me, people confuse with their PC/AD/Novell password and unix host passwd...

A Forum rules reminder:

well the thing is that users are not in my company. there are users that connect to the server that are located in other offices. also i read that in sha1 encryption even if a user has the same password with someone else it does not have the same encryption code in /etc/security/passwd. so even if i initialize this password to another user i will not get the same hash on my /etc/security/passwd file. i know you are probably right about CAPSLOCK etc but it is so frustrating to arguing with somebody on the phone trying to explain that they do something wrong and yet they insist that they do everything correct.

Well for those users, you give them the new password, saying it works because you have used it to test the connection.. the idea was not to decrypt ssha1 but to see that the password you entered is valid, there is no reason it works for some and not for others, and as I have already said, specially with people not connecting for some time ( have you checked when was last time?) The AD or Novell policy forces the passwd change , the users apply, then when returning to UNIX are suprised and they swear its the correct passwd (yes but its the PC.. not the UNIX) and meanwhile they are so stressed that they have forgotten the UNIX passwd anyway...

the idea of password decryption is that i could decrypt the password from /etc/security/passwd file and use it in order to connect myself and see if its working or not. i can do what you suggest but it will not stop these users to repeat the same behavior again. maybe if i can show to them that they are wrong they are going to pay more attention to what they are doing.

Have you a strict failed login attempt policy? Because I have seen boxes blocked by "Non intrusive" security scan software, if you have that sort of soft...

yes if a user has 5 unsuccessfull login attempts then the account is locked.
but i check the counter anyway and the number is still below 5 when the user complains.