I see that hash value (md5) is defenitly different for those password (I replaced actual string for demonstration. So still have same questions why those 2 different length passwords works ?
And here is output from requested files, sorry it took me while to migrate to another system for security reasons.
Code:
bash-3.00$ cat /etc/pam.d/system-auth /etc/nsswitch.conf
# =====================================================================
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_lsass.so try_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/pam_lsass.so unknown_ok
account sufficient /lib/security/pam_lsass.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password sufficient /lib/security/pam_lsass.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
#
# =====================================================================
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# ldap Use LDAP (only if nss_ldap is installed)
# nisplus or nis+ Use NIS+ (NIS version 3), unsupported
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files ldap nis
#shadow: db files ldap nis
#group: db files ldap nis
passwd: files lsass
shadow: files
group: files lsass
#hosts: db files ldap nis dns
hosts: files dns
# Example - obey only what ldap tells us...
#services: ldap [NOTFOUND=return] files
#networks: ldap [NOTFOUND=return] files
#protocols: ldap [NOTFOUND=return] files
#rpc: ldap [NOTFOUND=return] files
#ethers: ldap [NOTFOUND=return] files
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files
Hi,
I cud find entries for user's named nobody and noaccess in the passwd file in the Unix system in which I am working ... I have seen entries for these in other systems too ....
What is the significance for nobody and noaccess ... ?? Anything special ?? Can anyone help ??
Thanks &... (1 Reply)
From what I have read it possible to create a new group by editing the etc/group and etc/passwd in UNIX two files but a non-experienced user may face many problems such as destroying the file by mistake ot that his changes to these file does not make any difference.
However, there is this... (2 Replies)
i wonder if there is a tool to read the /etc/passwd or /etc/shadow files in order to reset user accounts to the same one.
By moving (restore) all filessytem and data to another same Sun box, none of the users are able to logon to the new box which i didn't change nothing. But if i reset the user... (1 Reply)
I'm trying to make this work, and it half works. Accounts with password hashes matching the old crypt(3) algorithm work just fine:
JUpfW/w6jo6aw
But accounts with longer password hashes preceded by $1$, such as the following, do not work:
$1$iIcbppdP$HDyjJeVMGgJ.ovLsnjtTR.... (0 Replies)
Hi Folks,
I have Solaris 10, latest release.
We have passwd aging set in /etc/defalut/passwd.
I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging.
When I reset the users passwd using passwd command, it re enables... (3 Replies)
Hi , can anyone explain me the difference between /etc/shadow and /etc/default/passwd . As per my knowledge both the files are used for password aging and control parameters. (2 Replies)
Hi all..
I moved the /etc/shadow and /etc/shadow files to /tmp and then rebooted my PARC machine running 5.10. I did it to see if I could recover from single user mode.
But, I forgot to enable the abort key-sequence which I earlier disabled.
Stuck!
One of my gurus told I had to... (9 Replies)
Hi,
I have a Solaris 10 box where password aging is not functioning properly. Using the passwd command with the -l or -u options causes the lastchg field in the /etc/shadow file to be modified. Therefore, if a user's password is set to expire in 90 days and they are 1 day away, all they have... (4 Replies)
I am running the ETL job to passing the database username,pssswd positional arguments to shell script (bash) and how can we suppress/hide the password from ps command. (2 Replies)
Discussion started by: pimmit22043
2 Replies
LEARN ABOUT CENTOS
mokutil
MOKUTIL(1) General Commands Manual MOKUTIL(1)NAME
mokutil - utility to manipulate machine owner keys
SYNOPSIS
mokutil [--list-enrolled]
mokutil [--list-new]
mokutil [--list-delete]
mokutil [--import keylist| -i keylist]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--delete keylist | -d keylist]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--revoke-import]
mokutil [--revoke-delete]
mokutil [--export | -x]
mokutil [--password | -p]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--clear-password | -c]
([--simple-hash | -s])
mokutil [--disable-validation]
mokutil [--enable-validation]
mokutil [--sb-state]
mokutil [--test-key | -t] ...
mokutil [--reset]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--generate-hash=password | -gpassword]
DESCRIPTION
mokutil is a tool to import or delete the machines owner keys (MOK) stored in the database of shim.
OPTIONS --list-enrolled
List the keys the already stored in the database
--list-new
List the keys to be enrolled
--list-delete
List the keys to be deleted
--import
Collect the followed files and form a request to shim. The files must be in DER format.
--revoke-import
Revoke the current import request (MokNew)
--revoke-delete
Revoke the current delete request (MokDel)
--export
Export the keys stored in MokListRT
--password
Setup the password for MokManager (MokPW)
--clear-password
Clear the password for MokManager (MokPW)
--disable-validation
Disable the validation process in shim
--enrolled-validation
Enable the validation process in shim
--sb-state
Show SecureBoot State
--test-key
Test if the key is enrolled or not
--reset
Reset MOK list
--generate-hash
Generate the password hash
--hash-file
Use the password hash from a specific file
--root-pw
Use the root password hash from /etc/shadow
--simple-hash
Use the old SHA256 password hash method to hash the password
Note: --root-pw invalidates --simple-hash
Thu Jul 25 2013 MOKUTIL(1)
09-22-2011
