https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898754#M282645 More information available here:<BR /><BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword</A><BR /><BR /><BR />Pete Wed, 15 Nov 2006 11:22:46 GMT Pete Randall 2006-11-15T11:22:46Z https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898750#M282641 Could you tell me what is shadow password?<BR />Does it has any difference with /etc/passwd?<BR />thanks! Wed, 15 Nov 2006 11:13:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898750#M282641 lin.chen 2006-11-15T11:13:06Z https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898751#M282642 Shadow password takes your password from /etc/password and stores it in another location, usually /etc/shadow. This folder usually has stronger permissions so not everyone can view it. The problem is hackers can run crack utilities on /etc/password to obtain your password. If youâ re looking for greater security you may want to consider running your server in trusted mode. Please see docs bellow<BR /><BR />Trusted:<BR /><A href="http://docs.hp.com/en/B2355-90121/ch01s04.html" target="_blank">http://docs.hp.com/en/B2355-90121/ch01s04.html</A><BR /><BR />Shadow:<BR /><A href="http://docs.hp.com/en/5187-0701/ch08s10.html" target="_blank">http://docs.hp.com/en/5187-0701/ch08s10.html</A> Wed, 15 Nov 2006 11:20:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898751#M282642 Romanek 2006-11-15T11:20:54Z https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898752#M282643 Unix does not store encrypted passwords but rather password hashes. This means that then cannot be decrypted because the hashing process is not reversible,. However, a guessing attack can succeed. You passwd your guess through the normal crypt() function and if the output matches the stored password hash, you guessed correctly. In a traditional password file which is readable by everyone, the password hash is simply a field in that file -- so anyone could apply a password guessing attack and have a value that could be compared. In a shadowed system, the password hash is moved out to another file that is only readable by root and the original hash field is replaced with '*'. Wed, 15 Nov 2006 11:21:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898752#M282643 A. Clay Stephenson 2006-11-15T11:21:52Z https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898753#M282644 sorry that should of been /etc/passwd. Wed, 15 Nov 2006 11:21:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898753#M282644 Romanek 2006-11-15T11:21:58Z https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898754#M282645 More information available here:<BR /><BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword</A><BR /><BR /><BR />Pete Wed, 15 Nov 2006 11:22:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/problem-about-shadow-passwords/m-p/3898754#M282645 Pete Randall 2006-11-15T11:22:46Z