HPE Community
Operating System - HP-UX
1834020 Members
2824 Online
110063 Solutions
New Discussion

check if a certain password is set

 
SOLVED
Go to solution
Elif Gius
Valued Contributor

‎08-19-2004 09:17 PM

‎08-19-2004 09:17 PM

check if a certain password is set

Hi all,

i want to write a script which checks if a certain password is set for a user , for example if a standard password is set for the root account.

Has anyone an idea how I can check this easily???

Thanks in adavance for your help...
0 Kudos
Reply
9 REPLIES 9
Massimo Bianchi
Honored Contributor

‎08-19-2004 09:25 PM

‎08-19-2004 09:25 PM

Re: check if a certain password is set

Hi,
there is no automatic way to check if a determined password is given.

Best way is to run a crack tool against a copy of the /etc/passwd file.

HTH,
Massimo


0 Kudos
Reply
RAC_1
Honored Contributor

‎08-19-2004 09:29 PM

‎08-19-2004 09:29 PM

Re: check if a certain password is set

There is way, but difficult. You can replace a passwd command with some perl script which will check certain things and if satisfied will handover the control to passwd command. This script can check number of chars used in password, lowaer case, upper case letters etc.

Are you awre that with file /etc/default/security (starting from 11.0 OS) you can control certain checks/parameters about password?? man 4 security for details. Also if you convert to trusted system , you can control lot more options. man getprpw, modprw, modprdef and getprdef man pages.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Elif Gius
Valued Contributor

‎08-19-2004 09:38 PM

‎08-19-2004 09:38 PM

Re: check if a certain password is set

but how will this perl script look ?

I want to ensure that if someone reset the root passwd for maintenace and then forgot to change it, then someone will detect it.

0 Kudos
Reply
John Palmer
Honored Contributor

‎08-19-2004 09:39 PM

‎08-19-2004 09:39 PM

Solution

Re: check if a certain password is set

Hi,

The password field entry from /etc/passwd consists of an encrypted password plus a two character 'seed' for the crypt routine (see man 4 passwd) for full information.

Given the 'seed' and a plain text password (your standard password for instance), you can run crypt (man 2 crypt) to produce an encrypted password. If this matches the field in /etc/passwd then the plain text password is valid. This is the way that login validates the password and also how 'crack' programs work (they use dictionary lists and various algorithms to repeatedly call crypt to try to get a match).

In order to run crypt however, you'll either have to write a simple C program or use something like perl. You can't call crypt direct from a shell script.

Regards,
John
Reply
Elif Gius
Valued Contributor

‎08-19-2004 09:49 PM

‎08-19-2004 09:49 PM

Re: check if a certain password is set

can you give me a short example
0 Kudos
Reply
Elif Gius
Valued Contributor

‎08-19-2004 10:06 PM

‎08-19-2004 10:06 PM

Re: check if a certain password is set

so I'm not sure if I unterstand it right:

Encrypted password for the password "Pass1234" in /etc/passwd is "oBtWkqOhozqyw". Here "oK" is the seed. If I would run echo "Pass1234oB"|/usr/lib/makekey

I should get oBtWkqOhozqyw...

But that does not work ...
0 Kudos
Reply
Elif Gius
Valued Contributor

‎08-19-2004 10:06 PM

‎08-19-2004 10:06 PM

Re: check if a certain password is set

so I'm not sure if I unterstand it right:

Encrypted password for the password "Pass1234" in /etc/passwd is "oBtWkqOhozqyw". Here "oB" is the seed. If I would run echo "Pass1234oB"|/usr/lib/makekey

I should get oBtWkqOhozqyw...

But that does not work ...
0 Kudos
Reply
RAC_1
Honored Contributor

‎08-19-2004 10:20 PM

‎08-19-2004 10:20 PM

Re: check if a certain password is set

It will not resolve to same as that of in the password. While crypting it also takes into account the time and few other things. That's what my understanding is.

But if you put that password, it will work.

Anil
There is no substitute to HARDWORK
Reply
Massimo Bianchi
Honored Contributor

‎08-19-2004 10:25 PM

‎08-19-2004 10:25 PM

Re: check if a certain password is set

That't what simple crack program do :)

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/crack-5.0/

http://www.openwall.com/john/


I never re-write something that some other coder, more smarter than me, has alredy done...


HTH,
Massimo


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.