Showing results for 
Search instead for 
Do you mean 

bad user passwords

Regular Advisor

bad user passwords

Is there a way I can determine if a user is logging in with a particular (i.e., default) password? Would I have to use a program like "crack" to determine this?
Insecurity is our friend. It keeps you dependent.
3 REPLIES
Acclaimed Contributor Acclaimed Contributor

Re: bad user passwords

Hi Don,

No there is no way to determine what plaintext
password is using. Crack MAY be able to guess.
The only way to do this would be to code a replacement for login.

Regards, Clay
If it ain't broke, I can fix that.
Honored Contributor Honored Contributor

Re: bad user passwords

The only way you could determine if a passwd has changed is to keep a copy of the passwd file and do a diff against it. That way you will know when the passwords change. If you know when a user is created, make a copy and then check periodically to see if / when the user changes the password.
Highlighted
Honored Contributor Honored Contributor

Re: bad user passwords

Hi,

To be sure that an user will change the default password is to force him to change the password during the next login. To this purpose it is necessary to add in the second field of the respective line in the /etc/passwd file ",.." after encrypted password.

Rgds.
Permanent training makes master