topic what is * in /etc/passwd in Operating System - HP-UX

what is * in /etc/passwd

doug mielke — Mon, 24 Jan 2005 14:55:49 GMT

Auditors question: in the /etc/passwd file, no shadow file being used.

What does a * in the password field mean?

In my copy of the Poniatowski HP-UX 11.x system administration and toolkit, page75, it explains that:
"If an asterisk appears in this field, the account can't be used."

Does this mean that no password will satisfy login or crypt requirements, but that root can su to it, create files with that users ownership, just like a normal account?
Is it that the account could be used, but only by root?

Re: what is * in /etc/passwd

Patrick Wallek — Mon, 24 Jan 2005 14:58:47 GMT

A '*' is an invalid password. The '*' is most commonly used, but it could be any other single character as well.

You are correct. You will not be able to log into that account directly, but the root user can su to it (su - username). The account can still own files and daemons can be run by those ids (lp is an example).

Re: what is * in /etc/passwd

Florian Heigl (new acc) — Mon, 24 Jan 2005 14:59:07 GMT

When no /etc/shadow exists, this account is in fact locked out and will be only usable by root as You described it.

Re: what is * in /etc/passwd

A. Clay Stephenson — Mon, 24 Jan 2005 14:59:11 GMT

Actually, any single character in the passwd hash field creates an impossible hash and the account is disabled. By convention, the asterisk is used to denote this state but any other single character would serve equally well.

Re: what is * in /etc/passwd

Biswajit Tripathy — Mon, 24 Jan 2005 15:00:06 GMT

'*' as the passwd in passwd file means you can't log
into the system using that username. Typically used
for anonymous FTP account or www account on your
system that does not require anyone to login.

- Biswajit

Re: what is * in /etc/passwd

Rick Garland — Mon, 24 Jan 2005 15:00:28 GMT

Not a trusted system - no shadow passwd file.

The * in the 2nd field of the means the account is disabled.

Login to that account and you will be unable.
root can do an 'su - '

If a trusted system, a shadow passwd file in use. Downloading this file and try to run through a passwd cracker will yield nothing.

Re: what is * in /etc/passwd

Geoff Wild — Mon, 24 Jan 2005 15:32:54 GMT

Where is the *?

On a Trusted system, field 2 is the Encrypted password field, held by an asterisk instead of an actual password.

In untrusted mode this means the account is locked, the encrypted password is replaced with a *

Rgds...Geoff

Re: what is * in /etc/passwd

doug mielke — Mon, 24 Jan 2005 16:36:40 GMT

thanks all. That's exactly what I needed.