Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Shadow Passwords
Top Forums Programming Shadow Passwords Post 302091275 by blowtorch on Saturday 30th of September 2006 09:56:16 PM
Old 09-30-2006
What library function are you using to get the passwd entries? Don't just read them using fgets or something. Use getpwent to iteratively read the entire file. getpwent returns a structure that holds the different fields. The second field in that is pw_passwd which holds the user's encrypted passwd.

To determine whether your system is using shadow files or is a trusted system, all you should do is verify that the pw_passwd string is not 13 chars or longer. If it is then you can use the trusted system calls to get the shadow entries. If not, you can use the current pw_passwd string as it does hold the encrypted password for the user.
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Shadow

Can some one explain to me how to disable the Shadow file or disconnect it from the passwd file. I am trying to configure a UNIX SCO box to use NIS and it continues to look at its own Shadow file. Thanks (5 Replies)
Discussion started by: mokie44
5 Replies

2. UNIX for Dummies Questions & Answers

shadow file

Sirs, What is a shadow file,How it be usefull.For my project i have to keep the password in shawdow file also i am doing in php how can i do it. Thanks in advance, ArunKumar (3 Replies)
Discussion started by: arunkumar_mca
3 Replies

3. Solaris

Passwords in /etc/shadow file

I want to import my passwd/shadow files from Solaris 6 to Solaris 10. I found that the encryption method for passwords has changed. Is there a command or script to convert the Solaris 6 passwords to Solaris 10? I have searched the net and just can't seem to find the answer. For Example: The... (6 Replies)
Discussion started by: westsiderick
6 Replies

4. UNIX for Advanced & Expert Users

/etc/shadow file....

Does anyone know what "!!" represents in the password field of the /etc/shadow file? :confused: (6 Replies)
Discussion started by: avcert1998
6 Replies

5. UNIX for Dummies Questions & Answers

'!!' in /etc/shadow

I notice there are '*'s and '!!'s in my /etc/shadow file. And I know these are for preventing login. But what are the differences among '*', '!' and '!!' ? THX! mail:*:14789:0:99999:7::: uucp:*:14789:0:99999:7::: ... dbus:!!:14919:::::: rpc:!!:14919:0:99999:7::: ...... (4 Replies)
Discussion started by: vistastar
4 Replies

6. Cybersecurity

Cracking complex passwords (/etc/shadow)

I'm doing some labs regarding password cracking on Linux machines. I took the shadow file from one of my virtual machines and it looks like below: bruno:$1$mrVjnhtj$bg47WvwLXN4bZrUNCf1Lh.:14019:0:99999:7::: From my understanding the most important piece regarding password cracking on linux... (1 Reply)
Discussion started by: bcaseiro
1 Replies

7. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

8. UNIX for Advanced & Expert Users

Need a help with /etc/shadow

Hi, I wanna see the content of the file /etc/shadow.. But i don't have the permission and also the root permission. Still is it possible to view it??? Any tricks?? (5 Replies)
Discussion started by: Adhi
5 Replies

LEARN ABOUT HPUX

grpck

pwck(1M)																  pwck(1M)

NAME

       pwck, grpck - password/group file checkers

SYNOPSIS

       [password [shadow]]

       [password]

       [file]

DESCRIPTION

       scans fields in the password and shadow files and reports any inconsistencies to standard error.  The checks include validation of the num-
       ber of fields, login name, user ID, group ID, and whether the login directory and optional program exist.  In addition, if the  root  entry
       shows  a  program,  it  can  only be one of: or The default password file is The default shadow file is For additional verification, use to
       check consistency between entries in the password and shadow files.

       verifies all entries in the group file and reports any inconsistencies to standard error.  This verification includes a check of the number
       of fields, group name, group ID, and whether all login names appear in the password file.  The default group file is

   Options
       recognizes the following options:

	      Check inconsistencies with the Protected Password database.
		      It calls

	      Check encrypted password lengths that are greater than 8 characters.

DIAGNOSTICS

       Group entries in with no login names are flagged.

WARNINGS

       Successful  password  file  validation is not sufficient for proper system operation.  To help maintain consistency with other system data-
       bases, editing of the password file with is discouraged.  HP recommends that you use or to edit

       HP-UX 11i Version 3 is the last release to support trusted systems functionality.

DEPENDENCIES

   NFS
       and check only the local password, shadow and group files.  The Network Information Service database is not checked.

AUTHOR

       was developed by AT&T and HP.

FILES

SEE ALSO

       authck(1M), pwconv(1M), vipw(1M), group(4), passwd(4), shadow(4).

STANDARDS CONFORMANCE

																	  pwck(1M)
All times are GMT -4. The time now is 03:58 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy