- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - HP-UX
- >
- System Administration
- >
- Encrypted Password Audit
-
-
Categories
- Topics
- Hybrid IT with Cloud
- Mobile & IoT
- IT for Data & Analytics
- Transformation
- Strategy and Technology
- Products
- Cloud
- Integrated Systems
- Networking
- Servers and Operating Systems
- Services
- Storage
- Company
- Events
- Partner Solutions and Certifications
- Welcome
- Welcome
- Announcements
- Tips and Tricks
- Feedback
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- Converged Data Center Infrastructure
- Digital Transformation
- Grounded in the Cloud
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- Networking
- OEM Solutions
- Servers: The Right Compute
- Telecom IQ
- Transforming IT
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Categories
-
Forums
-
Blogs
-
InformationEnglish
Encrypted Password Audit
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-20-2009 09:16 AM
03-20-2009 09:16 AM
Encrypted Password Audit
Encrypted Password Audit
Thanks
Mike
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-20-2009 09:26 AM
03-20-2009 09:26 AM
Re: Encrypted Password Audit
Re: Encrypted Password Audit
By whom? You need to go back to them and ask for details.
All passwords are encrypted. If you are being asked to check if there are passwordless accounts, you have to check /etc/passwd.
If you are being asked if all unix logins over the network are encrypted, that's a different story. You need to stop using telnet/rlogin/ftp and start using ssh.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-20-2009 09:30 AM
03-20-2009 09:30 AM
Re: Encrypted Password Audit
Re: Encrypted Password Audit
Jeff Traigle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-20-2009 09:35 AM
03-20-2009 09:35 AM
Re: Encrypted Password Audit
Re: Encrypted Password Audit
You can check it on /etc/passwd file.
If User1:liJnoo0kgFv2c:107:20:,,,:/bsr/bsr247:/usr/bin/sh
if the second field containing some thing like " liJnoo0kgFv2c" , user having ncrypted passwd.
rgds
Bijeesh
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-20-2009 10:03 AM
03-20-2009 10:03 AM
Re: Encrypted Password Audit
Re: Encrypted Password Audit
There are 3 possibilities for the password field in /etc/password.
1) A **VALID** encrypted/hashed password. This is a string that is 13 characters long and contains **ONLY** '.', '/', 'A-Z', 'a-z' and '0-9' (not counting the single quotes). There could be another string, separated by a comma, after the hashed password that denotes password aging.
2) An **INVALID** "password". This can be a string that is **NOT** 13 characters long, or a 13 character string that contains a character **OTHER THAN** those described above.
An account set up like could be considered to be locked since it would be impossible to log into it.
3) An **EMPTY** passowrd. This is where the 2nd field in the /etc/passwd file is **BLANK**. For example: user1::1:2:GECOS:/home/me:/usr/bin/sh
Note that there is nothing in the field after the user name.
All of these should be taken into account when doing your audit.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-20-2009 10:20 AM
03-20-2009 10:20 AM
Re: Encrypted Password Audit
Re: Encrypted Password Audit
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2018 Hewlett Packard Enterprise Development LP