HPE Community
Operating System - HP-UX
1753735 Members
4340 Online
108799 Solutions
New Discussion юеВ

user's password keeps getting lost

 
Brad Marks
Super Advisor

тАО10-24-2000 04:23 PM

тАО10-24-2000 04:23 PM

user's password keeps getting lost

Only one user keeps loosing its password every few days. Are there rules regarding what a password can/cannot contain? Currently, the password is "user"; too short?
Why does it work, but only for a short time.
Password ageing is not in effect.
Any way for root to see what the current password of a user is?
Thanx in advance!
It's not impossible -- it'll just cost more...
0 Kudos
Reply
8 REPLIES 8
Rick Garland
Honored Contributor

тАО10-24-2000 05:07 PM

тАО10-24-2000 05:07 PM

Re: user's password keeps getting lost

root can not see what the passwd of a user is unless some special tools are used. Example, can use crack but then that is dependent on crack being able to guess the passwd.

Is there another account will UID=0 that could be manipulating the passwd file? Is sudo in place that would give users the ability to execute commands as root?

Sounds like there is more than 1 root account
0 Kudos
Reply
Tim Malnati
Honored Contributor

тАО10-24-2000 05:16 PM

тАО10-24-2000 05:16 PM

Re: user's password keeps getting lost

This sounds a bit odd. Are you using NIS by chance? There is no method available for root, the user, or anyone else from determining a password without some sort of cracking software. Four characters for a password length is far too short to be secure. Converting your system to 'trusted' will place some minimum standards that users must satisfy in order maintain minimum security standards. Also, what are the permissions that currently exist on /etc/passwd? If a user can write to it (a no-no), someone may potentially be nulling the password on the account in question.
0 Kudos
Reply
Brad Marks
Super Advisor

тАО10-25-2000 09:08 AM

тАО10-25-2000 09:08 AM

Re: user's password keeps getting lost

I've gone through /etc/passwd (permissions are "-r--r--r--") and found no other user with UID=0.
I don't know what "sudo" is, but am willing to bet that it is not in place.
We are not using NIS.

Anything further that I can look for?
Thanks again!
It's not impossible -- it'll just cost more...
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

тАО10-25-2000 09:22 AM

тАО10-25-2000 09:22 AM

Re: user's password keeps getting lost

You cannot stop a user change his passwd...
So one way to see what going on (since youre not trusted) is save somewhere safe, lets say at /etc/.save where perms= 700 root sys, /etc/passwd with its timestamp=>
cp -p option
And regularly compare you will sure see if the passwd has changed (2nd field), you can also go and see ~users/.sh_history to see if he didnt change his passwd...
0 Kudos
Reply
Brad Marks
Super Advisor

тАО10-25-2000 09:26 AM

тАО10-25-2000 09:26 AM

Re: user's password keeps getting lost

I guess I'll try that to see who/when is mucking about.
Thanks
It's not impossible -- it'll just cost more...
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

тАО10-25-2000 09:32 AM

тАО10-25-2000 09:32 AM

Re: user's password keeps getting lost

Good luck
Best regards
Victor
0 Kudos
Reply
Rita C Workman
Honored Contributor

тАО10-25-2000 10:38 AM

тАО10-25-2000 10:38 AM

Re: user's password keeps getting lost

I didn't read all the previous messages...but I had someone like this once.

I changed the options on password, so that only 'superuser' or root could change it.
Then I set it and told them this....that way at least when they forgot it I could tell them what it was.

Just a thought,
0 Kudos
Reply
Brad Marks
Super Advisor

тАО10-25-2000 01:56 PM

тАО10-25-2000 01:56 PM

Re: user's password keeps getting lost

Rita,
How do I change the options on password to only allow 'superuser' or root to make changes? This sounds like the most iron-clad way of going about this.
Thanks for your input.
It's not impossible -- it'll just cost more...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.