Solaris

Thanks
AVKlinux

Possibley Script

Skeletellay, extract contents of the /etc/password file & capture the first colum (username) into a array
- cat /etc/passwd | awk -F 'print $1' >> into <array> (check syntax)

Then loop each entry & run a passwd command. Caputure whether sucessful or not - passswd will prompt for the password again if unsussful upto 5 attempts so you wil need to disable this ( again non-syntax script below)

for each $i in <array>
'passwd $i $i'
if 'id' = $i then
'exit' (i.e. logout)
'echo $i is password to $i' >> results.txt
else
'echo $i is not the password to $i' >> results.txt
end if
exit


Of course, this probably won't work, but hey I enjoyed writing it!


------
ms. stevi

Heh, it probably won't work because the passwords are actually stored in the shadow file or in LDAP. I believe for Sol10, "getent passwd" will work, but won't return the password if it's in a shadow file. So you have to do something like this:

Code:

pwd=`getent passwd $USER | awk -F: '{ print $2 }'`
if [ "$pwd" = "x" ]; then
  # password is in shadow file: look there
  pwd=`awk -F: '$1 ~ /^'$USER'$/ { print $2 }'`
fi
echo $USER:$pwd

I don't know what happens if you query LDAP and the password is in a secure LDAP directory. I just don't know. In Linux, you get back a *.

In Solaris, you can't do that, even if you try, might be with least success for the forth coming issues that you might come across or face.

Was that in response to me, Stevie or both?

Here is what I would do (based on the assumption that accounts won't be locked on first failed attempt) and is essentially the same method as Stevie used, but will work even in the event that the passwd command cannot be used.

1. Inform the users that you are going to perform a security audit of passwords.
2. Run a script that runs a login against each user attempting to use the username as a password, the result speaks for itself.

You will sacrifice a login attempt for each user, but you will have informed them all of this.

As for me, I have a security policy which requires that tools like JTR are used to identify weak passwords, so I don't do specific checks like this manually.