Operating System - HP-UX
1831185 Members
3137 Online
110021 Solutions
New Discussion

Checking shadow based and non-shadow based HP

 
Deoashish
New Member

Checking shadow based and non-shadow based HP

HI,

Is there some system call/ command to check if a given non-trusted HP machine has password stored in the shadow file or are they stored in he passwd file?

How can a program come to know about this?


Thanks in Advance
-Deo
2 REPLIES 2
Victor BERRIDGE
Honored Contributor

Re: Checking shadow based and non-shadow based HP

Greetings,

A simple way would be to know if it has the required bundle and the file /etc/shadow exist...
swlist|grep Shadow
ll /etc/shadow

All the best
Victor
Matti_Kurkela
Honored Contributor

Re: Checking shadow based and non-shadow based HP

If the file /etc/shadow exists and the users' password fields in /etc/passwd contain just a single "x" character, passwords are definitely stored in /etc/shadow.

If some users have a single "x" in the password field of /etc/passwd and others have an encrypted password in it, the password file is in an invalid state and pwconv should be re-run to automatically create the necessary /etc/shadow entries and migrate the password data to that file. Based on a quick test, a non-shadow user account entry in a shadow-using machine simply does not work (=is equivalent to a locked account) until that is done.

If your application needs to check a password, you should not do it by directly reading /etc/password or /etc/shadow files: instead you could use the getpwent()/endpwent()/getspent()/endspent() functions. If these functions are not suitable for your needs, you should consider using the PAM API (see "man 3 pam" and the other manpages referred to by it).

MK
MK