https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384564#M349232 By the way doing a 'man 4 passwd' explains in a bit more detail about the passwd field in the passwd file.<BR /> Fri, 20 Mar 2009 17:20:47 GMT Patrick Wallek 2009-03-20T17:20:47Z https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384559#M349227 I am being asked to validate all users have encrypted passwords on a non-trusted (no shadow) 11iV1. I am having an issue understanding how to do this.<BR /><BR />Thanks<BR />Mike Fri, 20 Mar 2009 16:16:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384559#M349227 Simpson 2009-03-20T16:16:29Z https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384560#M349228 &gt; I am being asked to validate all users have encrypted passwords <BR /><BR />By whom? You need to go back to them and ask for details.<BR /><BR />All passwords are encrypted. If you are being asked to check if there are passwordless accounts, you have to check /etc/passwd. <BR /><BR />If you are being asked if all unix logins over the network are encrypted, that's a different story. You need to stop using telnet/rlogin/ftp and start using ssh. Fri, 20 Mar 2009 16:26:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384560#M349228 TTr 2009-03-20T16:26:34Z https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384561#M349229 Well, all passwords on a UNIX system are hashed (not really encrypted). If the system is non-trusted and not using shadow password, the hashed password is in /etc/passwd (second colon-separated field). Fri, 20 Mar 2009 16:30:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384561#M349229 Jeff_Traigle 2009-03-20T16:30:00Z https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384562#M349230 Hi,<BR /> You can check it on /etc/passwd file.<BR />If User1:liJnoo0kgFv2c:107:20:,,,:/bsr/bsr247:/usr/bin/sh<BR /><BR />if the second field containing some thing like " liJnoo0kgFv2c" , user having ncrypted passwd.<BR /><BR />rgds<BR />Bijeesh Fri, 20 Mar 2009 16:35:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384562#M349230 Bijeesh 2009-03-20T16:35:23Z https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384563#M349231 There are some things you need to understand as part of your audit as well.<BR /><BR />There are 3 possibilities for the password field in /etc/password.<BR /><BR />1) A **VALID** encrypted/hashed password. This is a string that is 13 characters long and contains **ONLY** '.', '/', 'A-Z', 'a-z' and '0-9' (not counting the single quotes). There could be another string, separated by a comma, after the hashed password that denotes password aging.<BR /><BR />2) An **INVALID** "password". This can be a string that is **NOT** 13 characters long, or a 13 character string that contains a character **OTHER THAN** those described above.<BR /><BR />An account set up like could be considered to be locked since it would be impossible to log into it.<BR /><BR />3) An **EMPTY** passowrd. This is where the 2nd field in the /etc/passwd file is **BLANK**. For example: user1::1:2:GECOS:/home/me:/usr/bin/sh<BR /><BR />Note that there is nothing in the field after the user name.<BR /><BR />All of these should be taken into account when doing your audit.<BR /> Fri, 20 Mar 2009 17:03:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384563#M349231 Patrick Wallek 2009-03-20T17:03:28Z https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384564#M349232 By the way doing a 'man 4 passwd' explains in a bit more detail about the passwd field in the passwd file.<BR /> Fri, 20 Mar 2009 17:20:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/encrypted-password-audit/m-p/4384564#M349232 Patrick Wallek 2009-03-20T17:20:47Z