General :: Shadow File Password Policy?
Oct 1, 2010
Today i was going through some of security guides written on linux .Under shadow file security following points were mentioned.1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters.2)Usernames in shadow file must satisfy to all the same rules as usernames in /etc/passwd.3)password for application Username should display * if username is not locked.4)If a user is locked it should be displayed as ! as the first character in second field of shadow file.
Confusion for point 1 and 2:Now i m confused as why the encrypted password should be more than 14-25 characters.Also what rules to satisfy How to check it?Confusion for point 3 and 4:There are lot of users with * as second field i guess they are not locked but according to 4th point there are lot of users with ! as first characters.How would i check whether they are actually locked or not.I m posting the output of /etc/shadow and /etc/passwd files for the account.
View 11 Replies
ADVERTISEMENT
Jan 14, 2010
I would like to grep all values other than encrypted password from /etc/shadow fileFor example,each line consists of 8 fields separated with :/The only thing that I want not to print out is the contents between first : and second : (encrypted password)
View 7 Replies
View Related
Jun 7, 2010
I noticed that our /etc/shadow file is readable on a patch I released for one of our in house linux boxes a while back ago. Could they use it to gain access the root account etc? Our passwords are all MD5 encrypted.
View 5 Replies
View Related
Mar 11, 2011
I am working on building a customized ISO image of a server based on linux. The thing is after the server is installed and run for the first time, three users have to be created for the various services to run properly. I want this to be automated. To achieve this what is was thinking is automatically enter the user entries in the /etc/passwd and /etc/shadow files through init scripts when the server starts for the first time after the installation. I tried creating user and assigning password in one of my machine, and the /etc/passwd and the /etc/shadow entries of this user I copied it into the other machine and tried login in on the other machine and everything worked fine. How I am trying to achieve this.
View 1 Replies
View Related
Jan 24, 2011
I want to know, how does changes happened in the encrypted password in /etc/shadow file , when user changing password . because user doesnot have access on that file
View 1 Replies
View Related
Jul 3, 2009
I've been trying to write php or perl code to generate the sha-512 password hashes in fedora. I've been unable to do the hashing which is encoded in the shadow file on fedora core 11. Does anyone have php or perl code which provides the hashing algorithm. (All of my attempts result in the encrypted hashing being longer than 86 character -- the length that crypt says the sha-512 should be)
View 3 Replies
View Related
Aug 3, 2011
I am using pam module to set password policy in my SuSE linux machine. This is my /etc/pam.d/common-password file:
Now if root user tries to change the password of a normal user, giving the same password, it is throwing an error saying "Password has been already used. Choose another".
Example:
> passwd user1
> password1 (set successfully)
> passwd user1
> password1 (Password has been already used. Choose another)
This should not happen with the root user.
View 2 Replies
View Related
Apr 15, 2010
I need to manually convert an string ( like with echo ) to a DES crypt format to be inserted inside a /etc/shadow file, does anybody knows how can I do that?
Maybe there are some little tool that could handle that operation, well.. I don't know, hope someone can give me a hint on that.
View 3 Replies
View Related
Jun 9, 2010
Ubuntu Documentation > Ubuntu 9.04 > Ubuntu Server Guide > Security > User Management states that there is a default minimum password length for Ubuntu:
Say the password is to be modified by the user using passwd. Is there a command for displaying the current password policies for a user (such as the chage command displays the password expiration information for a specific user)?
This is rather than examining various places that control the policy and interpreting them since the process could contain errors. A command that reports the composed policy would be used to check the policy setting steps.
View 1 Replies
View Related
Nov 26, 2009
I am just wondering what encryption method the shadow file uses, so that I may be able to manually change it. I ask this because I am trying to make a web page that will allow people to change their linux password via a browser.
View 4 Replies
View Related
Oct 7, 2010
I deleted root from passwd and shadow file.Can I crate a new root user?
View 1 Replies
View Related
Apr 28, 2010
I recently mashed the passwd, shadow, gshadow, group files in my Fedora 12 installation. I was dumb and didn't take a copy of the originals and all I have is the originals from a Fedora 11 installation.
View 2 Replies
View Related
Aug 6, 2010
I'm running RHEL 5. When using the GUI System>Administration>Users and Groups, I get the error: The user database cannot be read. This problem is most likely caused by a mismatch between /etc/passwd and /etc/shadow or /etc/group and /etc/gshadow. The program will exit now.
Some research showed that I need to use vipw and vigr respectively to find an inconsistency between these two sets, which I did - to make it easy I copied each from [vipw | vigr] to an excel file and did =exact(%1, %2). There are no inconsistencies.
[Code]...
View 1 Replies
View Related
Jun 16, 2009
I am moving my Linux server from Suse 10 to Ubuntu 9.04 and I moved the significant parts of /etc/shadow, /etc/passwd, and /etc/group over to Ubuntu 9.04. I am not able to login into the computer with the old accounts. The only problem I see is that the old accounts use Blowfish and DES to encrypt the passwords in /etc/shadow, and Ubuntu uses SHA512. If I change the passwords, the accounts will work. However; I have about 300 accounts to move, and I don't want to do that to all of them. I have tired Ubuntu Forums and talked to every linux expert I know, and no one has an answer.
View 7 Replies
View Related
Jul 29, 2011
My organisation is running squirrelmail on a redhat server. When users are created , at that time the admin sets a password. Thereafter the user can login to his account using the password. But he can't change it as is the case with gmail or yahoo mail. Also the password for any account is known to the admin in addition to the user himself - a weak security arrangement !So what I wish to do is provide a way for users to change his password anytime he wants and also during the first login - as is normally done in banking sites, etc
View 14 Replies
View Related
Apr 26, 2011
The /etc/shadow file contains an id of $1$, $2$, $5$ or $6$ to show the encryption method used.A salt follows this,followed by the password hash.When a user is created and a password is set, a hash is RANDOMLY generated and used as the salt to the password hash. Everytime that user logs in, login checks /etc/shadow for the $id$ and salt and runs the password given by the user through the hash mechanism ($id$) using the salt in /etc/shadow.So basically does login look at /etc/shadow for the $id$ and salt to create a hash with which to compare to the /etc/shadow hash?question 2 - If my $id$ was $5$, which is sha256, how would i go about changing this? Like is there a shadow.conf or crypt.conf or something? Can i change it per user?
View 2 Replies
View Related
Sep 24, 2009
I am trying to write a remote access module. Is there any function in linux where I can give string (password entered by user) and compare it with the actual user password stored in /etc/shadow. Since the password is stored encrypted in /etc/shadow I cannot parse and compare. So I want some method to compare if my user entered the correct password..Is there any function for that..
View 6 Replies
View Related
May 26, 2010
i using policy kit to restrict removable mounting to prompt for root password, but on 11.2, I am unable to do so.i read out, ver 11.2 not longer using hal and policykit, rather sth like freedesktop.org policy.
View 9 Replies
View Related
May 17, 2011
I need to create a script that returns a list of the users who have never changed their password from /etc/shadow. As I know on linux there is a command "chage" used for find last password change.
View 2 Replies
View Related
May 15, 2010
we can save the users password in /etc/password file itself.then why a special file /etc/shadow is created to save the encripted password of users.
View 2 Replies
View Related
Feb 9, 2011
i am new to debian. I need to know after booting sequence login shell appears to get username and password. so what happens when user puts username and password ?? how this given username and password are matched with /etc/shadow file ??
my another question is what is role of /etc/pam.d/ authenticating username and password ?? does it work with shadow file or not ?
View 3 Replies
View Related
Jul 1, 2010
I have tripwire 2.4.1.2 running on one of our servers on a daily basis, and I was curious to know if it is good practice to periodically update the policy file. The reason for my asking that is while the daily reports that I get indicate there have been changes to files on a daily basis, there are also files that have not been modified for over a month. My thinking is an update of the policy file will establish an updated baseline, and those files that have not been changed for so long will not be reported on until they get changed again.
View 1 Replies
View Related
Oct 25, 2010
I'm trying to learn how to create a user account manually on the system, and I've edited the /etc/passwd and /etc/groups as well as creating a new home directory by copying /etc/skel but I'm stuck at how to generate an entry in the /etc/shadow file since it comprises of the hash and all?
View 4 Replies
View Related
Aug 5, 2010
What is the easiest way to replace a hash in a shadow file for one particular user, not using passwd, and when the current password is unknown?
View 3 Replies
View Related
Jul 30, 2010
When I ls -l /etc/passwd, -rw-r--r-- 1 root root /etc/passwd When I login as myself, and rm /etc/passwd, it asks: rm: remove write-protected file '/etc/passwd'? If I say yes, will it actually delete the passwd file?
View 1 Replies
View Related
Jun 26, 2011
This is for educational purpose. In fact it is my lab tutorial for a subject.I want to capture the users password when he changes his password. Both new and old.This is the script i have come up with:
Code:
#!/bin/bash
echo "Changing password for user $USER."
[code]...
View 5 Replies
View Related
Sep 2, 2009
I am trying to prepare my PowerEdge 2950 before CentOS 5.3 installation(web server). I have hardware RAID 1/10 so I will have 2 virtual disks(VD).
First VDRAID 1) - 2 physical disks
Second VDRAID 10) - 4 physical disks
What should be write policy for the VD(RAID 1) and for the VD(RAID 10)? I would have "/var" and maybe "/tmp" on RAID 10.
View 1 Replies
View Related
Jun 13, 2010
When I try to install my propriety graphics driver. I don't know what it means. Here are the steps I took and what resulted:
killerzen@Decode666:~$ cd ~/Desktop
killerzen@Decode666:~/Desktop$ chmod +x ati-driver-installer-9.2-x86.x86_64.run
killerzen@Decode666:~/Desktop$ ./ati-driver-installer-9.2-x86.x86_64.run
Created directory fglrx-install.pHiKQh
Verifying archive integrity... All good.
Uncompressing ATI Proprietary Linux Driver-8.582
ATI Technologies Linux Driver Installer/Packager
Error: ./default_policy.sh does not support version
default:v2:i686:lib::none:2.6.32-22-generic; make sure that the version is being
correctly set by --iscurrentdistro
Removing temporary directory: fglrx-install.pHiKQh
View 14 Replies
View Related
Aug 1, 2010
I noticed that file /etc/shadow changed it's timestamp.Why it is changed? Is it "normal"?
View 4 Replies
View Related
Oct 14, 2010
How to create the password hash exactly the same as in shadow file (from the command line)?
The command
openssl passwd -crypt
returns something different.
View 6 Replies
View Related
