HPE Community
Operating System - HP-UX
1751701 Members
5099 Online
108781 Solutions
New Discussion юеВ

Shadow Password

 
Sunil Rahate_1
Advisor

тАО12-04-2008 10:31 PM

тАО12-04-2008 10:31 PM

Shadow Password

Hello,

I need to configure Shadow password on Itanium server version B.11.31

Need to know what steps are required to follow and does the system requires reboot.

Thanks & Regards
0 Kudos
Reply
7 REPLIES 7
likid0
Honored Contributor

тАО12-04-2008 11:20 PM

тАО12-04-2008 11:20 PM

Re: Shadow Password

man pwconv


pwconv(1M) pwconv(1M)




NAME
pwconv - install, update or check the /etc/shadow file

SYNOPSIS
/usr/sbin/pwconv [-t] [-v]

DESCRIPTION
The pwconv command installs or appends /etc/shadow with information
from /etc/passwd, or checks for any discrepancies between the contents
of the two files.

The pwconv command without options does the following:

1. Creates the file /etc/shadow if it does not exist; otherwise,
it removes all entries for usernames that are not present in
/etc/passwd.
2. For each entry in /etc/passwd, move the encrypted password
and aging information to /etc/shadow. Entries in /etc/passwd
that have no encrypted password or aging information will not
overwrite information in /etc/shadow.
3. Writes an "x" in each password field of the /etc/passwd file
to indicate that the password and aging information reside in
the /etc/shadow file.
Windows?, no thanks
0 Kudos
Reply
unixguy_1
Regular Advisor

тАО12-04-2008 11:38 PM

тАО12-04-2008 11:38 PM

Re: Shadow Password


Hi Orange,

I have some doubt about the shadow password.

What is it used?

Can u guide me something,iam not able to understand, what's differnece between the /etc/passwd and /etc/shadow.


Pls guide me something.....


Regards,
Unixguy.

0 Kudos
Reply
Sunil Rahate_1
Advisor

тАО12-04-2008 11:47 PM

тАО12-04-2008 11:47 PM

Re: Shadow Password

Dear Orange,

Does HPUX B.11.31 need any Shadow Bundle to be installed. If bundle not required does pwconv will create the shadow password. After pwconv does the system requires reboot.

Thanks & Regards
0 Kudos
Reply
likid0
Honored Contributor

тАО12-04-2008 11:57 PM

тАО12-04-2008 11:57 PM

Re: Shadow Password



It's a way for protecting the encripted passwords you have in /etc/passwd, beacause /etc/passwd has to be read for all the users on the system.

when you use shadow passwd, in /etc/passwd

you get * on the second field:

root:*:0:3::/root:/usr/bin/ksh

and the encrypted passwd goes to another file called /etc/shadow

man shadow more info

the same way if u use a truested system the info goes to /tcb


it's standard on 11.23 and 11.31 you don't need no install any bunble/product.

and you don't need to reboot.


Windows?, no thanks
0 Kudos
Reply
saravanan08
Valued Contributor

тАО12-05-2008 12:54 AM

тАО12-05-2008 12:54 AM

Re: Shadow Password

straight away we can shift password from /etc/passwd to /etc/shadow y using
command

# pwconv

then change the /etc/shadow parameters like min days max days warning days using

# passwd command with arguments/ refer man page

no need of system reboot
thank you
0 Kudos
Reply
~sesh
Esteemed Contributor

тАО12-05-2008 01:02 PM

тАО12-05-2008 01:02 PM

Re: Shadow Password

Normally the password for users are stored in the /etc/passwd file in an encrypted format. When vi / cat the /etc/passwd file you will see some encrypted characters in the second column (after the user name separated by a colon ":").

However, this presents a security problem as somebody knowing the method of encryption can "decrypt" the password easily.

Hence shadow password present one more level of protection by replacing the password from the passwd file to a "x".

You can use the pwconv (to enable shadow password) and pwunconv (to disable shadow password).
0 Kudos
Reply
~sesh
Esteemed Contributor

тАО12-05-2008 01:05 PM

тАО12-05-2008 01:05 PM

Re: Shadow Password

Sunil Rahate - I have assigned points to 0 of 35 responses to my questions.

Please do keep assigning points to people who are coming forward to help.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.