> I am being asked to validate all users have encrypted passwords

By whom? You need to go back to them and ask for details.

All passwords are encrypted. If you are being asked to check if there are passwordless accounts, you have to check /etc/passwd.

If you are being asked if all unix logins over the network are encrypted, that's a different story. You need to stop using telnet/rlogin/ftp and start using ssh.

Well, all passwords on a UNIX system are hashed (not really encrypted). If the system is non-trusted and not using shadow password, the hashed password is in /etc/passwd (second colon-separated field).

Hi,
You can check it on /etc/passwd file.
If User1:liJnoo0kgFv2c:107:20:,,,:/bsr/bsr247:/usr/bin/sh

if the second field containing some thing like " liJnoo0kgFv2c" , user having ncrypted passwd.

rgds
Bijeesh

There are some things you need to understand as part of your audit as well.

There are 3 possibilities for the password field in /etc/password.

1) A **VALID** encrypted/hashed password. This is a string that is 13 characters long and contains **ONLY** '.', '/', 'A-Z', 'a-z' and '0-9' (not counting the single quotes). There could be another string, separated by a comma, after the hashed password that denotes password aging.

2) An **INVALID** "password". This can be a string that is **NOT** 13 characters long, or a 13 character string that contains a character **OTHER THAN** those described above.

An account set up like could be considered to be locked since it would be impossible to log into it.

3) An **EMPTY** passowrd. This is where the 2nd field in the /etc/passwd file is **BLANK**. For example: user1::1:2:GECOS:/home/me:/usr/bin/sh

Note that there is nothing in the field after the user name.

All of these should be taken into account when doing your audit.

By the way doing a 'man 4 passwd' explains in a bit more detail about the passwd field in the passwd file.