Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Shadow Passwords
Top Forums Programming Shadow Passwords Post 302091284 by Perderabo on Sunday 1st of October 2006 03:21:43 AM
Old 10-01-2006
Quote:
Originally Posted by nathan
In my experience at work, our HP-UX systems don't shadow the password at all.
You can download a shadow password package for HP-UX 11i here: HP-UX Shadow Passwords. Shadow passwords are a standard feature starting with HP-UX 11i Version 2 as mentioned in the Release Notes.
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Shadow

Can some one explain to me how to disable the Shadow file or disconnect it from the passwd file. I am trying to configure a UNIX SCO box to use NIS and it continues to look at its own Shadow file. Thanks (5 Replies)
Discussion started by: mokie44
5 Replies

2. UNIX for Dummies Questions & Answers

shadow file

Sirs, What is a shadow file,How it be usefull.For my project i have to keep the password in shawdow file also i am doing in php how can i do it. Thanks in advance, ArunKumar (3 Replies)
Discussion started by: arunkumar_mca
3 Replies

3. Solaris

Passwords in /etc/shadow file

I want to import my passwd/shadow files from Solaris 6 to Solaris 10. I found that the encryption method for passwords has changed. Is there a command or script to convert the Solaris 6 passwords to Solaris 10? I have searched the net and just can't seem to find the answer. For Example: The... (6 Replies)
Discussion started by: westsiderick
6 Replies

4. UNIX for Advanced & Expert Users

/etc/shadow file....

Does anyone know what "!!" represents in the password field of the /etc/shadow file? :confused: (6 Replies)
Discussion started by: avcert1998
6 Replies

5. UNIX for Dummies Questions & Answers

'!!' in /etc/shadow

I notice there are '*'s and '!!'s in my /etc/shadow file. And I know these are for preventing login. But what are the differences among '*', '!' and '!!' ? THX! mail:*:14789:0:99999:7::: uucp:*:14789:0:99999:7::: ... dbus:!!:14919:::::: rpc:!!:14919:0:99999:7::: ...... (4 Replies)
Discussion started by: vistastar
4 Replies

6. Cybersecurity

Cracking complex passwords (/etc/shadow)

I'm doing some labs regarding password cracking on Linux machines. I took the shadow file from one of my virtual machines and it looks like below: bruno:$1$mrVjnhtj$bg47WvwLXN4bZrUNCf1Lh.:14019:0:99999:7::: From my understanding the most important piece regarding password cracking on linux... (1 Reply)
Discussion started by: bcaseiro
1 Replies

7. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

8. UNIX for Advanced & Expert Users

Need a help with /etc/shadow

Hi, I wanna see the content of the file /etc/shadow.. But i don't have the permission and also the root permission. Still is it possible to view it??? Any tricks?? (5 Replies)
Discussion started by: Adhi
5 Replies

LEARN ABOUT SUSE

yppasswdd

RPC.YPPASSWDD(8)					       NIS Reference Manual						  RPC.YPPASSWDD(8)

NAME

       rpc.yppasswdd - NIS password update daemon

SYNOPSIS

       rpc.yppasswdd [-D directory] -e chsh|chfn [--port number]

       rpc.yppasswdd [-s shadow] [-p passwd] -e chsh|chfn [--port number]

       rpc.yppasswdd -x program | -E program  -e chsh|chfn [--port number]

DESCRIPTION

       rpc.yppasswdd is the RPC server that lets users change their passwords in the presence of NIS (a.k.a. YP). It must be run on the NIS master
       server for that NIS domain.

       When a yppasswd(1) client contacts the server, it sends the old user password along with the new one.  rpc.yppasswdd will search the
       system's passwd file for the specified user name, verify that the given (old) password matches, and update the entry. If the user specified
       does not exist, or if the password, UID or GID doesn't match the information in the password file, the update request is rejected, and an
       error returned to the client.

       If this version of the server is compiled with the CHECKROOT=1 option, the password given is also checked against the systems root
       password.

       After updating the passwd file and returning a success notification to the client, rpc.yppasswdd executes the pwupdate script that updates
       the NIS server's passwd.*  and shadow.byname maps. This script assumes all NIS maps are kept in directories named /var/yp/nisdomain that
       each contain a Makefile customized for that NIS domain. If no such Makefile is found, the scripts uses the generic one in /var/yp.

OPTIONS

       The following options are available:

       -D directory
	   The passwd and shadow files are located under the specified directory path.	rpc.yppasswdd will use this files, not /etc/passwd and
	   /etc/shadow.  This is useful if you do not want to give all users in the NIS database automatic access to your NIS server.

       -E program
	   Instead of rpc.yppasswdd editing the passwd & shadow files, the specified program will be run to do the editing. The following
	   environment variables will be set for the program: YP_PASSWD_OLD, YP_PASSWD_NEW, YP_USER, YP_GECOS, YP_SHELL. The program should return
	   an exit status of 0 if the change completes successfully, 1 if the change completes successfully but pwupdate should not be run, and
	   otherwise if the change fails.

       -p passwdfile
	   This options tells rpc.yppasswdd to use a different source file instead of /etc/passwd This is useful if you do not want to give all
	   users in the NIS database automatic access to your NIS server.

       -s shadowfile
	   This options tells rpc.yppasswdd to use a different source file instead of /etc/passwd. See below for a brief discussion of shadow
	   support.

       -e [chsh|chfn]
	   By default, rpc.yppasswdd will not allow users to change the shell or GECOS field of their passwd entry. Using the -e option, you can
	   enable either of these. Note that when enabling support for ypchsh(1), you have to list all shells users are allowed to select in
	   /etc/shells.

       -x program
	   When the -x option is used, rpc.yppasswdd will not attempt to modify any files itself, but will instead run the specified program,
	   passing to its stdin information about the requested operation(s). There is a defined protocol used to communicate with this external
	   program, which has total freedom in how it propagates the change request. See below for more details on this.

       -m
	   Will be ignored, for compatibility with Solaris only.

       --port number
	   rpc.yppasswdd will try to register itself to this port. This makes it possible to have a router filter packets to the NIS ports.

       -v --version
	   Prints the version number and if this package is compiled with the CHECKROOT option.

MISCELLANEOUS

   Shadow Passwords
       Using Shadow passwords alongside NIS does not make too much sense, because the supposedly inaccesible passwords now become readable through
       a simple invocation of ypcat(1).

       Shadow support in rpc.yppasswdd does not mean that it offers a very clever solution to this problem, it simply means that it can read and
       write password entries in the system's shadow file. You have to produce a shadow.byname NIS map to distribute password information to your
       NIS clients.  rpc.yppasswdd will search at first in the /etc/passwd file for the user and password. If it find's the user, but the password
       is "x" and a /etc/shadow file exists, it will update the password in the shadow map.

   Use of the -x option
       The program should expect to read a single line from stdin, which is formatted as follows:

       <username> o:<oldpass> p:<password> s:<shell> g:<gcos>


       where any of the three fields [p, s, g] may or may not be present.

       This program should write "OK
" to stdout if the operation succeeded. On any other result, rpc.yppasswdd will report failure to the
       client.

       Note that the program specified by the -x option is responsible for doing any NIS make and build, and for doing any necessary validation on
       the shell and gcos field information supplied. The password passed to the client will be in UNIX crypt() format.

   Logging
       rpc.yppasswdd logs all password update requests to syslogd(8)'s auth facility. The logging information includes the originating host's IP
       address and the user name and UID contained in the request. The user-supplied password itself is not logged.

   Security
       rpc.yppasswdd should be as secure or insecure as any program relying on simple password authentication. If you feel that this is not
       enough, you may want to protect rpc.yppasswdd from outside access by using the `securenets' feature of the new portmap(8) version 3. Better
       still, look at rpasswdd(8).

FILES

       /usr/sbin/rpc.yppasswdd

       /usr/lib/yp/pwupdate

       /etc/passwd

       /etc/shadow

SEE ALSO

       passwd(5), shadow(5), passwd(1), rpasswdd(8), yppasswd(1), ypchsh(1), ypchfn(1), ypserv(8), ypcat(1)

AUTHOR

       Olaf Kirch <okir@monad.swb.de> and Thorsten Kukuk <kukuk@linux-nis.org>

NIS Reference Manual						    09/26/2007							  RPC.YPPASSWDD(8)
All times are GMT -4. The time now is 11:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy