Operating System - HP-UX
1839232 Members
2615 Online
110137 Solutions
New Discussion

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

 
DharmaRao G
Advisor

Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Is there any tool or script to validate UNIX users with embedded passwords?
12 REPLIES 12
Hakki Aydin Ucar
Honored Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

What do you mean with embedded passwords ?
DharmaRao G
Advisor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Looking for user are logging into the servers, need to know who are the using encrypted passwords.
James R. Ferguson
Acclaimed Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Hi:

You asked this very question earlier this month. The responses you received were universally that it was not a trivial exercise and would probably yield very fuzzy results.

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1354107

Based on the point assignments you provided, and the resurrection of this query, it seems that you don't like the "not easy" answer.

Regards!

...JRF...

OldSchool
Honored Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

and the answers haven't changed since the prior thread. such a tool *doesn't* exist.
OldSchool
Honored Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

"Looking for user are logging into the servers, need to know who are the using encrypted passwords."

now what are you referring to? Passwordless ssh or some such?
DharmaRao G
Advisor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Hi

That may be login from local or remote, once the user is logged in how to authenticate and identify user has logged normal password or through embedded password.


Regards
Dr
Steven E. Protter
Exalted Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Shalom,

Still don't know what you mean by an embedded password.

There is no mechanism to check user password used while logged in.

If you obtain permission from your management, you can do what I used to do at prior jobs.

I took a copy of the /etc/passwd file and ran crack against it.

When it guessed user passwords, I reported to management that password guidelines were not being followed. I was not permitted to use /etc/default/security to enforce guidelines. Go figure.

I can provide you with instructions and code to compile to run crack on your password file.

Another trick I used was looking at last and lastb output.

Many of my users in Chicago were fond of the password Cubs1 or cubs1. Perhaps it was due to the ineptitude of that baseball club.

But I digress, Sometimes these brilliant users typed their password instead of their user name, showed up in lastb output. Then I tried that password with a telnet/ssh login and reported the users.

I didn't like being a snitch, but was ordered to maintain security and saw the logic of it.

If you want instructions on how to use crack, obtain management permission (highly recommended) and post back, perhaps do some reasonable interim point assignment and myself or someone else will provide you instructions on how to do it.

A google search of itrc forums will also provide you these instructions, I have posted them before.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
DharmaRao G
Advisor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

TO know who are the using encrypted passwords.
Steven E. Protter
Exalted Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Shalom again,

Everyone uses encrypted passwords.

The password is encrypted before it is stored in the /etc/passwd file.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
DharmaRao G
Advisor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Hi,

How to confirm that user password is encrypted mode, is there any tool or script to validate this?

Regards
Dr
Dennis Handly
Acclaimed Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

>How to confirm that user password is encrypted mode

Passwords are either default, stored in /etc/passwd, Trusted, or Shadowed.

If these terms are not what you want, you will have to stop using "encrypted" and "embedded" and show us an example of what you want to find.

It seems like you are using words with a different meaning that what we understand.
Steven E. Protter
Exalted Contributor

Re: Tools or scripts to find out validate users in HP UNIX with embedded passwords.

Shalom,

Password information is "encrypted" for lack of a better word before being stored in /etc/passwd.

If you are testing that the password is complex enough to meet standards you can do what I recommended earlier and attempt to crack the password using the crack tools.

You seem to have a fundamental misunderstanding here and can't seem to state a goal. If you want to make sure passwords meet standards then test them. Or enforce standards with /etc/default/security settings.

There is a man page and at least 100 ITRC forums posts that say how to do that.

sEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com