System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Blank password hash field in /etc/passwd

SOLVED
Go to solution
send9
Occasional Visitor

Blank password hash field in /etc/passwd

Hello all. Please pardon my HP-UX ignorance in this post, but I have the following question:

A client has several HP-UX B.11.31 systems. In examining the /etc/passwd files, there are several accounts which do not have a placeholder in the field that traditionally held the password hash. This includes root and several regular accounts, i.e:

root::0:3::/:/sbin/sh

IIRC, this would equate to a blank password for that account on most UNIX systems. But I don't know what it would do on HP-UX.

So, is it a blank password or does it have other implications?

Thank you!
5 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: Blank password hash field in /etc/passwd

Shalom,

Blank password works the same way in HP-UX as other Unixes or Linux.

Having it blank for root is a HUGE security violation. It needs to be fixed immediately.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Patrick Wallek
Honored Contributor

Re: Blank password hash field in /etc/passwd

Is the system set up as a trusted system?

If it is not, then you have no password for the root, and other, users.

If it is trusted, then you **may** be OK. To see if the system is trusted, try this:

# cat /tcb/files/auth/r/root

If it actually ouputs the contents of a file, then your system is trusted. In this file the password hash is the line that looks like:

:u_pwd=YwqQwQEITVAqg9PZw.v5tm1U:\

As long as there is a string of character there, then you should be OK.

On the other hand, if the cat returns an error like "file not found" then your system is NOT trusted and root is wide open.
Patrick Wallek
Honored Contributor

Re: Blank password hash field in /etc/passwd

2 additional thoughts:

1) What I said above about a trusted system could also hold true if the system is using /etc/shadow to hold passwords. If you do a 'cat /etc/shadow' and you see the file contents, then you are good. Otherwise, not good.

2) How is the system behaving? Does it ask for a root password when you try to log in? If not, then there's no password and your system is likely NOT trusted or shadowed. If it does ask for a password, then it is.
send9
Occasional Visitor

Re: Blank password hash field in /etc/passwd

Thank you for the responses thus far. I am not sure about trusted mode, but I can confirm that /etc/shadow does NOT exist. I cannot connect to the system and try it myself for several reasons, but I will work with the client tomorrow to get a grip on the situation.
Bill Hassell
Honored Contributor

Re: Blank password hash field in /etc/passwd

A Trusted system will always have the directory /tcb. If not, then it is not Trusted. But, if the system is Trusted, it is incorrect to have a null password field. A correct passwd file will have "*" in EVERY user ID line. There is nothing to prevent a novice admin with the root password from editing the passwd file and clobbering the entries. If there is no /tcb directory, then as mentioned, someone has trashed security by removing password requirements from root and other accounts. They may have even created duplicate user UIDs. To see how bad things are, use these commands:

logins -p
logins -d

If the system is important, these security violations must be repaired and the root password restricted to trained administrators.


Bill Hassell, sysadmin