Solaris

Hello,

I want to know the reason behing the scene why some systems have hashed password in /etc/shadow file as "x" not the alienoid language like A1Dksxi3kaA.. (13 characters)

As far as I understand, etc/password will show password as "x" and move all hashed password to etc/shadow. However, I do not know why in shadow have "x" in hashed passoword again. Are there any second shadow of shadow ???

one more question please,
sometime hashed password in etc/shadow is an readable words and it is not 13 characters i.e. abc123 I'm doubt that this user cannot login with password "abc123" for sure but I do not know why these users have strange hashed password?

In Oracle, this kind called "imposible password" (like user anonymous have hashed password anonymous) which mean that no one can log in with account anonymous since the hash contain character than heximal range.) however, in Oracle I can identify password directly but I'm not sure how to identify password "abc123" directly in shadow file in Unix. Can I just use vi to edit that ??

Regards,
Smith

You cant edit the passwd directly from a shadow file. Anyway, an empty passwd is denoted by "NP" in the password column in the /etc/passwd file

[sorry for mistake, I edit something since I posted it wrong] change from etc/passwd >> etc/shadow

Thank you very much Incredible,

That's mean administrator of the system edit the etc/shadow file and delete the hash and replace it with 'x' or 'abc123'.

So, these user will be prevented from login since it is impossible to insert any password and encrypt it equal to 'x' or 'abc123'. Do I understand correct, please?

In case you need to disable user from loggiing in, you can use *LK* to set in the passwd file. And sorry for earlier typo, the NP should be in the passwd file as well. If you want to remove the encrypted passwd, you will need to remove the :123GFvVgvgus657vYF: to :: . That's all

Sorry to disturb you again, Incredible. I want to make sure that I understand it correctly.

If shadow file say

john:1$1GFvVgvgus657vYF:::::: >> this is show the hashed password.
abel:123abc::::::: >> this should mean someone edit the shadow file and replace hashed password with 123abc.

well.. I still doubt that why they need to edit it to 123abc ??? are there any myth hidden behind?

Nope, the abc123 is not a password and will never work. somebody probably could have "just editted" it to prevent the user from not logging in again I guess, that's all. Anyway, it would be the wrong way to do so. Never ever attempt to edit the passwd/shadow files by hand, unless you are sure ofno typo mistakes and you're aware of what you're doing.

Thank you very much again Incredible.

So, normally, the practice we use to prevent user from login the Solaris, just remove the password and it'll show *NP* (or lock that account, *LK*). Thank you very much again one more time