Login or Register to Ask a Question and Join Our Community


Programming

Shadow Passwords

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Programming Shadow Passwords
# 1  
Old 09-30-2006
Shadow Passwords
I'm writing a 'C' program on various systems (HP-UX, Solaris, AIX, NCR) which needs to interact with a user's password. Some of my systems are using the shadow password and some are not. It is possible for some of my systems to have /etc/shadow, even though the box is not using the file (I know, it doesn't make sense to me either).

My question: How can I tell, from a 'C' program, if the box is really using the /etc/shadow password file when someone logs in?

Thanks.

Chris
# 2  
Old 09-30-2006
What library function are you using to get the passwd entries? Don't just read them using fgets or something. Use getpwent to iteratively read the entire file. getpwent returns a structure that holds the different fields. The second field in that is pw_passwd which holds the user's encrypted passwd.

To determine whether your system is using shadow files or is a trusted system, all you should do is verify that the pw_passwd string is not 13 chars or longer. If it is then you can use the trusted system calls to get the shadow entries. If not, you can use the current pw_passwd string as it does hold the encrypted password for the user.
# 3  
Old 10-01-2006
Chris,

In my experience at work, our HP-UX systems don't shadow the password at all. NCR uses the /etc/shadow file, and I believe AIX uses /etc/security/passwd.

To answer your question: look at the 2nd field in /etc/passwd. If it's a '*' or a 'x' character for every user, it is probably using a shadowed password file. So I would use getpwent() as suggested above, and use strlen() to determine the length of the pw_passwd field. If it's greater than say, 5 characters, they are probably not using a shadow file.

Oh, and it seems that you and I may work for the same corporation. If you turn on private messaging, I may be able to help you more with this.

Thanks,
Nathan
# 4  
Old 10-01-2006
Quote:
Originally Posted by nathan
In my experience at work, our HP-UX systems don't shadow the password at all.
You can download a shadow password package for HP-UX 11i here: HP-UX Shadow Passwords. Shadow passwords are a standard feature starting with HP-UX 11i Version 2 as mentioned in the Release Notes.
# 5  
Old 10-02-2006
Chris,
If you want to actually work with the user's password information, you can use the getspent library function. This reads from the trusted computing base or the shadow files as is fit for the system. I have used this on HP-UX and Solaris. You could try it on other systems.

Cheers.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Need a help with /etc/shadow

Hi, I wanna see the content of the file /etc/shadow.. But i don't have the permission and also the root permission. Still is it possible to view it??? Any tricks?? (5 Replies)
Discussion started by: Adhi
5 Replies

2. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

3. Cybersecurity

Cracking complex passwords (/etc/shadow)

I'm doing some labs regarding password cracking on Linux machines. I took the shadow file from one of my virtual machines and it looks like below: bruno:$1$mrVjnhtj$bg47WvwLXN4bZrUNCf1Lh.:14019:0:99999:7::: From my understanding the most important piece regarding password cracking on linux... (1 Reply)
Discussion started by: bcaseiro
1 Replies

4. UNIX for Dummies Questions & Answers

'!!' in /etc/shadow

I notice there are '*'s and '!!'s in my /etc/shadow file. And I know these are for preventing login. But what are the differences among '*', '!' and '!!' ? THX! mail:*:14789:0:99999:7::: uucp:*:14789:0:99999:7::: ... dbus:!!:14919:::::: rpc:!!:14919:0:99999:7::: ...... (4 Replies)
Discussion started by: vistastar
4 Replies

5. UNIX for Advanced & Expert Users

/etc/shadow file....

Does anyone know what "!!" represents in the password field of the /etc/shadow file? :confused: (6 Replies)
Discussion started by: avcert1998
6 Replies

6. Solaris

Passwords in /etc/shadow file

I want to import my passwd/shadow files from Solaris 6 to Solaris 10. I found that the encryption method for passwords has changed. Is there a command or script to convert the Solaris 6 passwords to Solaris 10? I have searched the net and just can't seem to find the answer. For Example: The... (6 Replies)
Discussion started by: westsiderick
6 Replies

7. UNIX for Dummies Questions & Answers

shadow file

Sirs, What is a shadow file,How it be usefull.For my project i have to keep the password in shawdow file also i am doing in php how can i do it. Thanks in advance, ArunKumar (3 Replies)
Discussion started by: arunkumar_mca
3 Replies

8. UNIX for Dummies Questions & Answers

Shadow

Can some one explain to me how to disable the Shadow file or disconnect it from the passwd file. I am trying to configure a UNIX SCO box to use NIS and it continues to look at its own Shadow file. Thanks (5 Replies)
Discussion started by: mokie44
5 Replies
Login or Register to Ask a Question