cancel
Showing results for 
Search instead for 
Did you mean: 

Shadow Password

Shadow Password

Hello,

I need to configure Shadow password on Itanium server version B.11.31

Need to know what steps are required to follow and does the system requires reboot.

Thanks & Regards
7 REPLIES
likid0
Honored Contributor

Re: Shadow Password

man pwconv


pwconv(1M) pwconv(1M)




NAME
pwconv - install, update or check the /etc/shadow file

SYNOPSIS
/usr/sbin/pwconv [-t] [-v]

DESCRIPTION
The pwconv command installs or appends /etc/shadow with information
from /etc/passwd, or checks for any discrepancies between the contents
of the two files.

The pwconv command without options does the following:

1. Creates the file /etc/shadow if it does not exist; otherwise,
it removes all entries for usernames that are not present in
/etc/passwd.
2. For each entry in /etc/passwd, move the encrypted password
and aging information to /etc/shadow. Entries in /etc/passwd
that have no encrypted password or aging information will not
overwrite information in /etc/shadow.
3. Writes an "x" in each password field of the /etc/passwd file
to indicate that the password and aging information reside in
the /etc/shadow file.
Windows?, no thanks
unixguy_1
Regular Advisor

Re: Shadow Password


Hi Orange,

I have some doubt about the shadow password.

What is it used?

Can u guide me something,iam not able to understand, what's differnece between the /etc/passwd and /etc/shadow.


Pls guide me something.....


Regards,
Unixguy.

Re: Shadow Password

Dear Orange,

Does HPUX B.11.31 need any Shadow Bundle to be installed. If bundle not required does pwconv will create the shadow password. After pwconv does the system requires reboot.

Thanks & Regards
likid0
Honored Contributor

Re: Shadow Password



It's a way for protecting the encripted passwords you have in /etc/passwd, beacause /etc/passwd has to be read for all the users on the system.

when you use shadow passwd, in /etc/passwd

you get * on the second field:

root:*:0:3::/root:/usr/bin/ksh

and the encrypted passwd goes to another file called /etc/shadow

man shadow more info

the same way if u use a truested system the info goes to /tcb


it's standard on 11.23 and 11.31 you don't need no install any bunble/product.

and you don't need to reboot.


Windows?, no thanks
saravanan08
Valued Contributor

Re: Shadow Password

straight away we can shift password from /etc/passwd to /etc/shadow y using
command

# pwconv

then change the /etc/shadow parameters like min days max days warning days using

# passwd command with arguments/ refer man page

no need of system reboot
thank you
~sesh
Esteemed Contributor

Re: Shadow Password

Normally the password for users are stored in the /etc/passwd file in an encrypted format. When vi / cat the /etc/passwd file you will see some encrypted characters in the second column (after the user name separated by a colon ":").

However, this presents a security problem as somebody knowing the method of encryption can "decrypt" the password easily.

Hence shadow password present one more level of protection by replacing the password from the passwd file to a "x".

You can use the pwconv (to enable shadow password) and pwunconv (to disable shadow password).
~sesh
Esteemed Contributor

Re: Shadow Password

Sunil Rahate - I have assigned points to 0 of 35 responses to my questions.

Please do keep assigning points to people who are coming forward to help.