HPE Community
Operating System - HP-UX
1821643 Members
3137 Online
109633 Solutions
New Discussion юеВ

Blank password hash field in /etc/passwd

 
SOLVED
Go to solution
send9
New Member

тАО05-07-2009 12:31 PM

тАО05-07-2009 12:31 PM

Blank password hash field in /etc/passwd

Hello all. Please pardon my HP-UX ignorance in this post, but I have the following question:

A client has several HP-UX B.11.31 systems. In examining the /etc/passwd files, there are several accounts which do not have a placeholder in the field that traditionally held the password hash. This includes root and several regular accounts, i.e:

root::0:3::/:/sbin/sh

IIRC, this would equate to a blank password for that account on most UNIX systems. But I don't know what it would do on HP-UX.

So, is it a blank password or does it have other implications?

Thank you!
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

тАО05-07-2009 12:44 PM

тАО05-07-2009 12:44 PM

Solution

Re: Blank password hash field in /etc/passwd

Shalom,

Blank password works the same way in HP-UX as other Unixes or Linux.

Having it blank for root is a HUGE security violation. It needs to be fixed immediately.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Patrick Wallek
Honored Contributor

тАО05-07-2009 01:03 PM

тАО05-07-2009 01:03 PM

Re: Blank password hash field in /etc/passwd

Is the system set up as a trusted system?

If it is not, then you have no password for the root, and other, users.

If it is trusted, then you **may** be OK. To see if the system is trusted, try this:

# cat /tcb/files/auth/r/root

If it actually ouputs the contents of a file, then your system is trusted. In this file the password hash is the line that looks like:

:u_pwd=YwqQwQEITVAqg9PZw.v5tm1U:\

As long as there is a string of character there, then you should be OK.

On the other hand, if the cat returns an error like "file not found" then your system is NOT trusted and root is wide open.
Reply
Patrick Wallek
Honored Contributor

тАО05-07-2009 01:06 PM

тАО05-07-2009 01:06 PM

Re: Blank password hash field in /etc/passwd

2 additional thoughts:

1) What I said above about a trusted system could also hold true if the system is using /etc/shadow to hold passwords. If you do a 'cat /etc/shadow' and you see the file contents, then you are good. Otherwise, not good.

2) How is the system behaving? Does it ask for a root password when you try to log in? If not, then there's no password and your system is likely NOT trusted or shadowed. If it does ask for a password, then it is.
0 Kudos
Reply
send9
New Member

тАО05-07-2009 01:16 PM

тАО05-07-2009 01:16 PM

Re: Blank password hash field in /etc/passwd

Thank you for the responses thus far. I am not sure about trusted mode, but I can confirm that /etc/shadow does NOT exist. I cannot connect to the system and try it myself for several reasons, but I will work with the client tomorrow to get a grip on the situation.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО05-07-2009 06:29 PM

тАО05-07-2009 06:29 PM

Re: Blank password hash field in /etc/passwd

A Trusted system will always have the directory /tcb. If not, then it is not Trusted. But, if the system is Trusted, it is incorrect to have a null password field. A correct passwd file will have "*" in EVERY user ID line. There is nothing to prevent a novice admin with the root password from editing the passwd file and clobbering the entries. If there is no /tcb directory, then as mentioned, someone has trashed security by removing password requirements from root and other accounts. They may have even created duplicate user UIDs. To see how bad things are, use these commands:

logins -p
logins -d

If the system is important, these security violations must be repaired and the root password restricted to trained administrators.


Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.