topic Linux user password security in Operating System - Linux

Linux user password security

Michael Williams_6 — Tue, 08 Mar 2005 11:02:51 GMT

Hello all!

I'm currently in the middle of a project to port a SCO based NIS server to Linux (unfortunately LDAP didn't quite work for me, but that's another story!)

I'd like to verify that our users are indeed using secure passwords in line with our IT policy. I've found a password cracker, but it's pretty lame and pretty slow.

I'd like to find a tool that will systematically go through our NIS domain (or take a copy of the raw files) and try to crack the password, if it fails to do so in say 30 seconds, then the password is ok.

Does anyone know of any mechanism to do this?

Re: Linux user password security

Dave Falloon — Tue, 08 Mar 2005 11:14:38 GMT

I've used john the ripper to crack passwords, its fast and can read a passwd file.

http://www.openwall.com/john/

I would also look into using pam's cracklib.so, I don't remember if it works over NIS though.

I hope that helps

--Dave

Re: Linux user password security

Michael Williams_6 — Tue, 08 Mar 2005 11:18:20 GMT

Hi Dave,

"John" was actually the password cracker I was using, it was pathetic! Took ages to find the password "password" on 8 users and only found 15 in 6 hours...

I'm running on a 3.6Ghz G4 server, so expect this to be a little quicker, maybe I had the command line wrong, can you tell me what the command line you used was to pick up the password (assuming you're still using it of course!)