The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Dummies Questions & Answers
Where are the password saved in a UNIX server? Where are the password saved in a UNIX server?
Google UNIX.COM
Forums Portal Register Forum Rules FAQContribute Members List Arcade Search Today's Posts Mark Forums Read


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
script in saved in compress format naveeng.81 Shell Programming and Scripting 1 04-14-2008 05:31 AM
Sudo file not saved Asteroid UNIX for Advanced & Expert Users 0 07-30-2007 04:18 AM
only root's crontab gets not saved flok UNIX for Advanced & Expert Users 1 06-25-2007 07:50 AM
How can I tranfer an OS/ Unix (from old HD to new HD / include all files saved ) Vietnam UNIX for Dummies Questions & Answers 0 08-04-2006 08:27 PM
I inhereted a Unix server that is password protected...Help! fxsaint UNIX for Dummies Questions & Answers 1 10-26-2000 05:12 PM

Reply
Page 2 of 2 < 1 2
 
Submit Tools LinkBack Thread Tools Search this Thread Display Modes
  #8  
Old 10-18-2006
Registered User
  

Join Date: Oct 2006
Posts: 12
Quote:
Originally Posted by Corona688
Wasn't meant to be. We get "help I forgot the root password" posts all the time but almost never get asked without at least telling us anything at all about situation. your unix? which unix? Syntax of lines in /etc/passwd is:

usernameasswordhash:uid:gid:undefined:homedir:loginshell

When the password hash is x, that means it's stored somewhere else, possibly /etc/shadow. It's not stored plaintext, but as an unrecognizable hash. When someone tries to login, it hashes what they type and compares the hashes.

You don't edit any of these files yourself, you use the passwd command. See 'man passwd'.
Thanks And sorry if I was rud to you to. And thanks for all the other replays.


I went down in det shadow file and found this:

root:$1$Oaj/9dOP$RzZBTVpfYril1tW9.QsDO/:10957:0::::: //the hash is cahnged so if you crack it good work

Is the led here the same as in the last one: usernameasswordhash:uid:gid:undefined:homedir:loginshell

our?
Last edited by hast5; 10-18-2006 at 10:50 AM.
Reply With Quote
Forum Sponsor
  #9  
Old 10-18-2006
Registered User
  

Join Date: Aug 2005
Location: Saskatchewan
Posts: 989
Mostly the same, but this isn't a standard the way /etc/passwd is. It'd be defined by shadow or whatever other program you have does this. The entries are seperated by :. The first two are username and password hash. With the rest of the information available in /etc/passwd, the other fields probably don't mean much. I don't know what the 10957 is but that's sure not root's uid or gid.

Root definitely has a password already, whatever it is.

How did you see that? The whole point of keeping /etc/shadow seperate is so that you can restrict it to root-only.
Last edited by Corona688; 10-18-2006 at 11:16 AM.
Reply With Quote
  #10  
Old 10-19-2006
Supporter
  

Join Date: Jul 2006
Posts: 156
Quote:
...the other fields probably don't mean much. I don't know what the 10957 is but that's sure not root's uid or gid.
My man page on "shadow" describes a C struct which has fields that correspond to the /etc/shadow file. What threw me off initially is that these fields are in days, not seconds, since the epoch.
Code:
DESCRIPTION
       shadow manipulates the contents of the shadow password file, /etc/shadow. The
       structure in the #include file is:

       struct spwd {
             char          *sp_namp; /* user login name */
             char          *sp_pwdp; /* encrypted password */
             long int      sp_lstchg; /* last password change */
             long int      sp_min; /* days until change allowed. */
             long int      sp_max; /* days before change required */
             long int      sp_warn; /* days warning for expiration */
             long int      sp_inact; /* days before account inactive */
             long int      sp_expire; /* date when account expires */
             unsigned long int  sp_flag; /* reserved for future use */
       }

       The meanings of each field are:

       ·  sp_namp - pointer to null-terminated user name

       ·  sp_pwdp - pointer to null-terminated password

       ·  sp_lstchg - days since Jan 1, 1970 password was last changed

       ·  sp_min - days before which password may not be changed

       ·  sp_max - days after which password must be changed

       ·  sp_warn - days before password is to expire that user is warned of pending
          password expiration

       ·  sp_inact - days after password expires that account is considered inactive and
          disabled

       ·  sp_expire - days since Jan 1, 1970 when account will be disabled

       ·  sp_flag - reserved for future use
Reply With Quote
  #11  
Old 10-19-2006
Registered User
  

Join Date: Oct 2006
Posts: 12
OK, I have reinstalled my UNIX and this is what I got.
I go in the terminal and type cd .. cd .. etc to I come to det folder etc in this one I type sudo cat etc and get this: (I only use the root as exampels )

Code:
root:x:0:0:root:/root:/bin/bash
But someone did say something about the shadow file? right?
So I try that one... And get this:

Code:
root:$1$HG6PJiO0$Lk4OpOTdD632/qAdPzAYo/:13440:0:99999:7:::
So I am a littel confjused now... Where can I find the password hash?
Our have i found it in the shadow file. Is it only me that dident se the hash, and what kind is it?

NB: The examples are un changed. If someone find the password dosent matter. I used a exampel password.

Thanks for helping me with this. And for evry one that have been giving med good advice and exampels.
Reply With Quote
  #12  
Old 10-19-2006
Registered User
  

Join Date: Sep 2002
Location: San Fran
Posts: 112
Where is the hash?
You're looking at it.

http://dictionary.reference.com/browse/hash

Basically, it's the output of an obfuscation mechanism. The string of characters after "root:" is not the actual password. The actual password is represented by a fixed string of characters that only means something useful to the security/authentication mechanisms built into the system.

The password has been hashed (see link above).

So it is not trivial to get the root password if it is forgotten (or someone wants to try to steal the password from the files you've been looking at).
Reply With Quote
  #13  
Old 10-19-2006
Registered User
  

Join Date: Aug 2005
Location: Saskatchewan
Posts: 989
Quote:
Originally Posted by hast5
So I am a littel confjused now... Where can I find the password hash?
It's this bit:
Code:
root:$1$HG6PJiO0$Lk4OpOTdD632/qAdPzAYo/:13440:0:99999:7:::
Yes, it looks like garbage. That's kind of the point
Quote:
Our have i found it in the shadow file. Is it only me that didn't see the hash, and what kind is it?
It may be old-fashioned UNIX crypt(), but these days they're switching over to the more secure MD5.

See the linux shadow password HOWTO. It's a bit out of date, particularly in that I don't know of a Linux system that doesn't use shadow by now, but it's a good outline of the what and why.
Reply With Quote
Google The UNIX and Linux Forums
Reply
Page 2 of 2 < 1 2

Tags
linux

« typeset in Ksh | Vi editor basic commands »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode




All times are GMT -7. The time now is 04:37 AM.

The UNIX and Linux Forums RSS Feeds - Contact Us - The UNIX and Linux Forums - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008. All Rights Reserved.Ad Management by RedTyger Visit The Complex Event Processing Blog

Content Relevant URLs by vBSEO 3.2.0