HPE Community
Operating System - HP-UX
1751694 Members
4856 Online
108781 Solutions
New Discussion юеВ

Re: Encrypted Password Audit

 
Simpson
Occasional Advisor

тАО03-20-2009 09:16 AM

тАО03-20-2009 09:16 AM

Encrypted Password Audit

I am being asked to validate all users have encrypted passwords on a non-trusted (no shadow) 11iV1. I am having an issue understanding how to do this.

Thanks
Mike
0 Kudos
Reply
5 REPLIES 5
TTr
Honored Contributor

тАО03-20-2009 09:26 AM

тАО03-20-2009 09:26 AM

Re: Encrypted Password Audit

> I am being asked to validate all users have encrypted passwords

By whom? You need to go back to them and ask for details.

All passwords are encrypted. If you are being asked to check if there are passwordless accounts, you have to check /etc/passwd.

If you are being asked if all unix logins over the network are encrypted, that's a different story. You need to stop using telnet/rlogin/ftp and start using ssh.
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

тАО03-20-2009 09:30 AM

тАО03-20-2009 09:30 AM

Re: Encrypted Password Audit

Well, all passwords on a UNIX system are hashed (not really encrypted). If the system is non-trusted and not using shadow password, the hashed password is in /etc/passwd (second colon-separated field).
--
Jeff Traigle
0 Kudos
Reply
Bijeesh
Respected Contributor

тАО03-20-2009 09:35 AM

тАО03-20-2009 09:35 AM

Re: Encrypted Password Audit

Hi,
You can check it on /etc/passwd file.
If User1:liJnoo0kgFv2c:107:20:,,,:/bsr/bsr247:/usr/bin/sh

if the second field containing some thing like " liJnoo0kgFv2c" , user having ncrypted passwd.

rgds
Bijeesh
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО03-20-2009 10:03 AM

тАО03-20-2009 10:03 AM

Re: Encrypted Password Audit

There are some things you need to understand as part of your audit as well.

There are 3 possibilities for the password field in /etc/password.

1) A **VALID** encrypted/hashed password. This is a string that is 13 characters long and contains **ONLY** '.', '/', 'A-Z', 'a-z' and '0-9' (not counting the single quotes). There could be another string, separated by a comma, after the hashed password that denotes password aging.

2) An **INVALID** "password". This can be a string that is **NOT** 13 characters long, or a 13 character string that contains a character **OTHER THAN** those described above.

An account set up like could be considered to be locked since it would be impossible to log into it.

3) An **EMPTY** passowrd. This is where the 2nd field in the /etc/passwd file is **BLANK**. For example: user1::1:2:GECOS:/home/me:/usr/bin/sh

Note that there is nothing in the field after the user name.

All of these should be taken into account when doing your audit.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО03-20-2009 10:20 AM

тАО03-20-2009 10:20 AM

Re: Encrypted Password Audit

By the way doing a 'man 4 passwd' explains in a bit more detail about the passwd field in the passwd file.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.