
Re: bad user passwords

 
Don Bentz
Regular Advisor

bad user passwords

Is there a way I can determine if a user is logging in with a particular (i.e., default) password? Would I have to use a program like "crack" to determine this?
Insecurity is our friend. It keeps you dependent.
3 REPLIES
A. Clay Stephenson
Acclaimed Contributor

Re: bad user passwords

Hi Don,

No, there is no way to determine what plaintext password a user is using. Crack MAY be able to guess.
The only way to do this would be to code a replacement for login.

Regards, Clay
If it ain't broke, I can fix that.
Patrick Wallek
Honored Contributor

Re: bad user passwords

The only way you could determine if a passwd has changed is to keep a copy of the passwd file and do a diff against it. That way you will know when the passwords change. If you know when a user is created, make a copy and then check periodically to see if / when the user changes the password.
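
The snapshot comparison described in the reply above, as an added example that is not part of the original thread: it lists accounts whose password hash is still the one recorded when the account was created. The function name, login names and hash strings are constructed, and it assumes the hash sits in the second colon-separated field of both files, optionally followed by a comma and aging data.

```shell
#!/bin/sh
# unchanged_passwords SNAPSHOT CURRENT   (hypothetical helper name)
# Prints login names whose hash in CURRENT equals the hash saved in SNAPSHOT,
# i.e. accounts that still carry the password they were created with.
unchanged_passwords() {
    awk -F: '
        # Drop a ",aging" suffix so only the hash itself is compared.
        function hash(field) { sub(/,.*/, "", field); return field }
        # First file (snapshot): remember each account hash.
        NR == FNR { old[$1] = hash($2); next }
        # Second file (current): ignore accounts created after the snapshot.
        !($1 in old) { next }
        { h = hash($2) }
        # Ignore empty or locked entries; they are not a default password.
        h == "" || h == "*" || h ~ /^!/ { next }
        h == old[$1] { print $1 }
    ' "$1" "$2"
}

# Constructed sample data (not real accounts or real hashes).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
snap="$tmp/passwd.snapshot"
cur="$tmp/passwd.current"

cat > "$snap" <<'EOF'
alice:Xa1constructed:101:20::/home/alice:/bin/sh
bob:Yb2constructed:102:20::/home/bob:/bin/sh
carol:Zc3constructed:103:20::/home/carol:/bin/sh
EOF

# alice: same hash, aging suffix added; bob: changed; carol: locked;
# dave: created after the snapshot was taken.
cat > "$cur" <<'EOF'
alice:Xa1constructed,..:101:20::/home/alice:/bin/sh
bob:Qd4constructed:102:20::/home/bob:/bin/sh
carol:*:103:20::/home/carol:/bin/sh
dave:We5constructed:104:20::/home/dave:/bin/sh
EOF

unchanged_passwords "$snap" "$cur"
```

The snapshot holds password hashes, so it needs the same restrictive permissions as the file it was copied from.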
Wieslaw Krajewski
Honored Contributor

Re: bad user passwords

Hi,

The way to be sure that a user will change the default password is to force him to change the password during the next login. For this purpose it is necessary to add ",.." after the encrypted password in the second field of the respective line in the /etc/passwd file.

Rgds.
Permanent training makes master