|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
How to : Identify the the password is encrypted or not in /etc/shadow or /etc/passwd?
Post 302283157 by Ikon on Monday 2nd of February 2009 05:21:03 PM
02-02-2009
As stated before /etc/shadows passwords are encrypted.
1) Username: It is used when user logs in. It should be between 1 and 32 characters in length.
2) Password: An x character indicates that encrypted password is stored in /etc/shadow file.
3) User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
4) Group ID (GID): The primary group ID (stored in /etc/group file)
5) User ID Info: The comment field. It allow you to add extra information about the users such as user's full name, phone number etc. This field use by finger command.
6) Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /
7) Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
Your encrpted password is not stored in /etc/passwd file. It is stored in /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.
Almost, all modern Linux / UNIX line operating systems use some sort of the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only.
1) Username: It is used when user logs in. It should be between 1 and 32 characters in length.
2) Password: An x character indicates that encrypted password is stored in /etc/shadow file.
3) User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
4) Group ID (GID): The primary group ID (stored in /etc/group file)
5) User ID Info: The comment field. It allow you to add extra information about the users such as user's full name, phone number etc. This field use by finger command.
6) Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /
7) Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
Your encrpted password is not stored in /etc/passwd file. It is stored in /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.
Almost, all modern Linux / UNIX line operating systems use some sort of the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only.
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I'm tasked to change a user's password on multiple Linux systems (RH v3). I though copying the encrypted password from one Linux /etc/shadow file to another would work but I was wrong.
The long term solution is to establish an openLDAP Directory service, but for now I'm stuck with a manual... (1 Reply)
Discussion started by: benq70
1 Replies
2. Linux
We are currently using a script to copy the same encrypted password between our HP-UX and Solaris servers editing the trusted and shadow files directly. The encrypted password is only 13 characters long on both servers and decrypts the same way. Is there a way to copy this same string to Linux... (5 Replies)
Discussion started by: keelba
5 Replies
3. Solaris
i wonder if there is a tool to read the /etc/passwd or /etc/shadow files in order to reset user accounts to the same one.
By moving (restore) all filessytem and data to another same Sun box, none of the users are able to logon to the new box which i didn't change nothing. But if i reset the user... (1 Reply)
Discussion started by: lamoul
1 Replies
4. UNIX for Advanced & Expert Users
Hi
I wonder whether is possible to generate enrypted passwd for some user and paste it into /etc/shadow file ?
What kind of encryption is used in /etc/shadow file ?
ths for help. (1 Reply)
Discussion started by: presul
1 Replies
5. Solaris
Hi Folks,
I have Solaris 10, latest release.
We have passwd aging set in /etc/defalut/passwd.
I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging.
When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies
6. Solaris
Hi , can anyone explain me the difference between /etc/shadow and /etc/default/passwd . As per my knowledge both the files are used for password aging and control parameters. (2 Replies)
Discussion started by: rogerben
2 Replies
7. UNIX for Advanced & Expert Users
hi, all
I just started on new box where I have to diff passwd working perfectly on the very same account/user. I see that shadow was added recently (I'm not a root in there), I see 'x' in passwd. Not sure how it should work, should I change old passwd for one defined in shadow? Or it's fine to... (20 Replies)
Discussion started by: trento17
20 Replies
8. AIX
Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies
9. Shell Programming and Scripting
Hello friends,
We have encrypted password strings for all of our users (each user has different password).
After creating users in Linux, we replace encrypted passwords manually on /etc/shadow so that their passwords directly work. Instead we want to do it using scripting.
I tried with sed... (2 Replies)
Discussion started by: prvnrk
2 Replies
10. UNIX for Dummies Questions & Answers
i have an application that uses the encrypted password that's in the /etc/shadow file.
i copied the line for the particular username i was interested it in from shadow file and i pasted it into the password file of the application. the application is nagios.
this application allowed that... (5 Replies)
Discussion started by: SkySmart
5 Replies
LEARN ABOUT REDHAT
passwd
PASSWD(5) File formats PASSWD(5) NAME
passwd - password file DESCRIPTION
Passwd is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. Often, it also contains the encrypted passwords for each account. It should have general read permission (many utilities, like ls(1) use it to map user IDs to user names), but write access only for the superuser. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community. These days many people run some version of the shadow password suite, where /etc/passwd has *'s instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only. Regardless of whether shadow passwords are used, many sysadmins use a star in the encrypted password field to make sure that this user can not authenticate him- or herself using a password. (But see the Notes below.) If you create a new login, first put a star in the password field, then use passwd(1) to set it. There is one entry per line, and each line has the format: account:password:UID:GID:GECOS:directory:shell The field descriptions are: account the name of the user on the system. It should not contain capital letters. password the encrypted user password or a star. UID the numerical user ID. GID the numerical primary group ID for this user. GECOS This field is optional and only used for informational purposes. Usually, it contains the full user name. GECOS means General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was sold to Honeywell. Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine. The gcos field in the password file was a place to stash the information for the $IDENTcard. Not elegant." directory the user's $HOME directory. shell the program to run at login (if empty, use /bin/sh). If set to a non-existing executable, the user will be unable to login through login(1). NOTE
If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist. If the encrypted password is set to a star, the user will be unable to login using login(1), but may still login using rlogin(1), run existing processes and initiate new ones through rsh(1), cron(1), at(1), or mail filters, etc. Trying to lock an account by simply chang- ing the shell field yields the same result and additionally allows the use of su(1). FILES
/etc/passwd SEE ALSO
passwd(1), login(1), su(1), group(5), shadow(5) 1998-01-05 PASSWD(5)