06-12-2013
If you log in to a local terminal, you talk to /bin/login; if you log in with sshd, it goes its own way, but these days everything talks to the same login system -- pam (pluggable authentication modules). It's not a program, it's a library, and it's very very picky about what it talks to, all controlled by configuration files under /etc/pam.d/
It's very configurable, but you mostly see it used the traditional way, where it checks /etc/passwd for login information and /etc/shadow for passwords.
/etc/passwd is where things like the location of your home folder and your default shell are stored. It can be read by anyone. /etc/shadow, readable only by root, is where hashed passwords are stored -- passwords go through a one-way function like md5 or sha to scramble them. You can't turn it back into a password, you can only compare two hashes to see if they're the same. (And even that takes some effort, because pam 'salts' them with a small random string.)
Still, hashed passwords aren't invulnerable. With enough computing power, you can hash millions of possible passwords until you find a match. This is why the 'passwd' file doesn't contain passwords anymore; as computers became more powerful, the hashed passwords required better protection.
So pam compares the hash of the password you typed with the stored hash to see if they match, and if they do, makes the setuid() system call to change its process ID into a different user, and following that, executes your shell.
These 3 Users Gave Thanks to Corona688 For This Post:
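The salt-then-compare check described in the post, as an added example (not part of the original post and not PAM's own code). PBKDF2-SHA256 from Python's standard library stands in for the crypt(3) schemes used in /etc/shadow; the `$scheme$salt$hash` field layout and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"  # constructed label, not a real crypt(3) id
ROUNDS = 100_000


def _derive(password, salt):
    # One-way function: cheap to compute forward, no inverse.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def make_record(password, salt=None):
    """Return '$scheme$salt$hash', the value a shadow-style field would hold."""
    salt = os.urandom(16) if salt is None else salt
    enc = lambda raw: base64.b64encode(raw).decode()
    return f"${SCHEME}${enc(salt)}${enc(_derive(password, salt))}"


def verify(password, field):
    """Re-hash the typed password with the stored salt and compare hashes."""
    parts = field.split("$")
    # A star or any other non-hash value can never match a typed password.
    if len(parts) != 4 or parts[0] != "" or parts[1] != SCHEME:
        return False
    try:
        salt = base64.b64decode(parts[2], validate=True)
        stored = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False
    # Constant-time comparison of the two hashes.
    return hmac.compare_digest(_derive(password, salt), stored)
```

Because each record carries its own random salt, two accounts with the same password store different hashes, and the verifier has to read the salt back out of the record before it can compare.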
PASSWD(5) File formats PASSWD(5)
NAME
passwd - password file
DESCRIPTION
Passwd is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group
ID, home directory, shell, etc. Often, it also contains the encrypted passwords for each account. It should have general read permission
(many utilities, like ls(1) use it to map user IDs to user names), but write access only for the superuser.
In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the
hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.
These days many people run some version of the shadow password suite, where /etc/passwd has *'s instead of encrypted passwords, and the
encrypted passwords are in /etc/shadow which is readable by the superuser only.
Regardless of whether shadow passwords are used, many sysadmins use a star in the encrypted password field to make sure that this user can
not authenticate him- or herself using a password. (But see the Notes below.)
If you create a new login, first put a star in the password field, then use passwd(1) to set it.
There is one entry per line, and each line has the format:
account:password:UID:GID:GECOS:directory:shell
The field descriptions are:
account    the name of the user on the system. It should not contain capital letters.
password   the encrypted user password or a star.
UID        the numerical user ID.
GID        the numerical primary group ID for this user.
GECOS      This field is optional and only used for informational purposes. Usually, it contains the full user name. GECOS means
           General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was sold
           to Honeywell. Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine. The gcos
           field in the password file was a place to stash the information for the $IDENT card. Not elegant."
directory  the user's $HOME directory.
shell      the program to run at login (if empty, use /bin/sh). If set to a non-existing executable, the user will be unable to
           login through login(1).
NOTE
If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist.
If the encrypted password is set to a star, the user will be unable to login using login(1), but may still login using rlogin(1), run
existing processes and initiate new ones through rsh(1), cron(1), at(1), or mail filters, etc. Trying to lock an account by simply
changing the shell field yields the same result and additionally allows the use of su(1).
FILES
/etc/passwd
SEE ALSO
passwd(1), login(1), su(1), group(5), shadow(5)
1998-01-05 PASSWD(5)
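An audit of the seven-field format above, as an added example that is not part of the man page: it parses each line and flags the conditions the page calls out (a hash left in the world-readable file, a star that blocks only password login, capital letters in the account name, an empty shell). The function names, finding codes and sample entries are constructed; treating "x" as a placeholder and an empty password field as a finding are assumptions based on current shadow suites, not on this page.

```python
FIELDS = ("account", "password", "uid", "gid", "gecos", "directory", "shell")
PLACEHOLDERS = {"*", "x"}  # "x" is the marker current shadow suites write


def parse_line(line):
    """Split one passwd(5) line into a dict; raise ValueError if malformed."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry


def audit(entry):
    """Return the list of finding codes for one parsed entry."""
    findings, pw = [], entry["password"]
    if pw == "":
        findings.append("empty-password-field")
    elif pw not in PLACEHOLDERS:
        findings.append("hash-in-world-readable-file")
    if pw == "*":
        # Per NOTE: rlogin, rsh, cron, at and mail filters still work.
        findings.append("star-not-a-full-lock")
    if entry["account"] != entry["account"].lower():
        findings.append("capital-letters-in-account")
    if entry["shell"] == "":
        findings.append("empty-shell-defaults-to-/bin/sh")
    return findings


def audit_file(text):
    """Map account name (or 'line N' if unparsable) to its findings."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:
            report[f"line {n}"] = [f"malformed: {exc}"]
            continue
        found = audit(entry)
        if found:
            report[entry["account"]] = found
    return report


# Constructed sample, not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:ab1Cd2Ef3Gh4I:1000:1000:Alice:/home/alice:/bin/bash
Bob::1001:1001:Bob:/home/bob:
broken:x:1002
"""
```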