Encrypted Password Audit

 
Simpson
Occasional Advisor

Encrypted Password Audit

I am being asked to validate all users have encrypted passwords on a non-trusted (no shadow) 11iV1. I am having an issue understanding how to do this.

Thanks
Mike
5 REPLIES
TTr
Honored Contributor

Re: Encrypted Password Audit

> I am being asked to validate all users have encrypted passwords

By whom? You need to go back to them and ask for details.

All passwords are encrypted. If you are being asked to check if there are passwordless accounts, you have to check /etc/passwd.

If you are being asked if all unix logins over the network are encrypted, that's a different story. You need to stop using telnet/rlogin/ftp and start using ssh.
Jeff_Traigle
Honored Contributor

Re: Encrypted Password Audit

Well, all passwords on a UNIX system are hashed (not really encrypted). If the system is non-trusted and not using shadow password, the hashed password is in /etc/passwd (second colon-separated field).
--
Jeff Traigle
Bijeesh
Respected Contributor

Re: Encrypted Password Audit

Hi,
You can check it in the /etc/passwd file.
For a line like User1:liJnoo0kgFv2c:107:20:,,,:/bsr/bsr247:/usr/bin/sh

if the second field contains something like "liJnoo0kgFv2c", the user has an encrypted passwd.

rgds
Bijeesh
Patrick Wallek
Honored Contributor

Re: Encrypted Password Audit

There are some things you need to understand as part of your audit as well.

There are 3 possibilities for the password field in /etc/passwd.

1) A **VALID** encrypted/hashed password. This is a string that is 13 characters long and contains **ONLY** '.', '/', 'A-Z', 'a-z' and '0-9' (not counting the single quotes). There could be another string, separated by a comma, after the hashed password that denotes password aging.

2) An **INVALID** "password". This can be a string that is **NOT** 13 characters long, or a 13 character string that contains a character **OTHER THAN** those described above.

An account set up like this could be considered to be locked since it would be impossible to log into it.

3) An **EMPTY** password. This is where the 2nd field in the /etc/passwd file is **BLANK**. For example: user1::1:2:GECOS:/home/me:/usr/bin/sh

Note that there is nothing in the field after the user name.

All of these should be taken into account when doing your audit.
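To turn the three cases above (and the "check /etc/passwd for passwordless accounts" advice in the earlier replies) into something you can run, here is an added example script; it is not code from any of the posters. It assumes the non-trusted, no-shadow layout the question describes: the hash is the second colon-separated field, a valid traditional hash is exactly 13 characters from the set ./A-Za-z0-9, and optional aging data follows the hash after a comma. The passwd lines it runs on are constructed sample data, not from a real system.

```shell
#!/bin/sh
# Audit the password field of /etc/passwd-format lines (non-trusted HP-UX,
# no shadow file). Classifies each account as VALID, INVALID or EMPTY.
# Added example; assumes the traditional 13-character hash format.

LC_ALL=C; export LC_ALL   # keep A-Z / a-z ranges strictly ASCII

# Constructed sample data covering each case (not a real passwd file):
#   - ordinary 13-character hash
#   - empty password field
#   - hash followed by ",<aging>" suffix
#   - '*' as the field (unloggable, effectively locked)
#   - a field that is not 13 characters long
SAMPLE_PASSWD='root:liJnoo0kgFv2c:0:3::/:/sbin/sh
user1::1:2:GECOS:/home/me:/usr/bin/sh
aged:liJnoo0kgFv2c,A1:108:20:,,,:/home/aged:/usr/bin/sh
locked:*:109:20::/home/locked:/usr/bin/sh
short:abc:110:20::/home/short:/usr/bin/sh'

# classify_field FIELD  -> prints VALID, INVALID or EMPTY
classify_field() {
    field=$1
    hash=${field%%,*}          # drop the optional ",<aging>" part
    if [ -z "$field" ]; then
        echo EMPTY             # case 3: blank field, anyone can log in
    elif [ "${#hash}" -eq 13 ]; then
        case $hash in
            *[!./A-Za-z0-9]*) echo INVALID ;;   # case 2: bad character
            *)                echo VALID ;;     # case 1: well-formed hash
        esac
    else
        echo INVALID           # case 2: wrong length (e.g. '*' or 'abc')
    fi
}

# audit_passwd  -> reads passwd-format lines on stdin, prints "<user> <class>"
audit_passwd() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        user=${line%%:*}       # field 1: login name
        rest=${line#*:}
        pwfield=${rest%%:*}    # field 2: password field
        echo "$user $(classify_field "$pwfield")"
    done
}

# Demonstration on the constructed sample. On a real system run:
#   audit_passwd < /etc/passwd | grep -v ' VALID$'
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

Anything printed as EMPTY is the finding an auditor cares about; INVALID entries are the "locked" accounts Patrick describes and are worth listing so you can confirm each one is intentionally disabled rather than mistyped.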
Patrick Wallek
Honored Contributor

Re: Encrypted Password Audit

By the way, doing a 'man 4 passwd' explains the passwd field in the passwd file in a bit more detail.