topic Re: finding forgotten user passwords in Operating System - HP-UX

finding forgotten user passwords

Mark Vollmers — Wed, 01 Nov 2000 18:01:22 GMT

I have a user that logs on to our Unix server very rarely. He has forgotten his password. I have looked under the /etc/password file, and it is encrypted, and I cannot find a shadow file if one exists (it is not in the /etc folder). Is there a way to log in as root and see the password, or do I need to create a new one through SAM?

Re: finding forgotten user passwords

Kofi ARTHIABAH — Wed, 01 Nov 2000 18:07:34 GMT

As they say, you are out of luck! You will have to create a new one.

Login as root, and execute

passwd username

Cheers,

Kofi

Re: finding forgotten user passwords

Rick Garland — Wed, 01 Nov 2000 19:12:12 GMT

Even though the root account can become any other user and do as he/she may please, the root account does not know the passwds. Will have to dish out another passwd.

Re: finding forgotten user passwords

Ralph Grothe — Thu, 02 Nov 2000 08:48:48 GMT

Another, not guaranteed to work, approach could be to run a password cracker like crack.
But to succeed this requires the user with the forgotten password to have chosen a poor password.
Simplifying, this comes near to a brute force method where entries in dictionaries are encrypted using Unix's crypt function and compared against the encrypted string in the 2nd field of /etc/passwd until a match is found.
So the success very much depends on what dictionary libs you are using (preferably those with respect to your locales, language/naming habits etc.)
If you are administering a system with many users who you suspect to lack password conscientiousness it is a good habit to run crack over your passwd or shadow file on a regular basis to sort out weak passwords.

For futher details have a look at

http://ftp.cs.umt.edu/u/wright/494/unixcrack.html

Re: finding forgotten user passwords

Pepe Jimenez Muñoz — Thu, 02 Nov 2000 09:45:01 GMT

Hi

if you have a trusted system in /tcb/files/auth there are the directories containing one file per user. Inside you see the password.

Re: finding forgotten user passwords

Suhas_2 — Thu, 02 Nov 2000 13:59:22 GMT

Mark,
In unix there is no way to see the passwd of a user. You will have to regenerate the passwd for the user using "passwd "

Pepe Jimeneze,
Even trusted systems, where you have /tcb/files/auth...filesystem,
no one can see the passwd of the user. There are separate files
per user, but they contain additional information about the user and
ENCRYPTED passwd.
a typical entry in /tcb/files/auth/?/???? will look like:

sysadm:u_name=sysadm:u_id#203:
:u_pwd=jcZTP10dOfIdE:
:u_auditid#10:
:u_auditflag#1:
:u_minchg#0:u_exp#0:u_succhg#967550177:u_pswduser=sysadm:
:u_suclog#968314244:u_suctty=ttyp4:u_unsuclog#968314240:u_unsuctty=ttyp4:
:u_lock@:chkent:

Hence the best way is to give the user a new passwd..and later ask him to change it himself.

Hope this helps...
Suhas...

Re: finding forgotten user passwords

Mark Vollmers — Thu, 02 Nov 2000 14:17:30 GMT

thanks a lot for the info. It really helped.