
Unknown password characters

John Patrick_2
New Member


I am looking for some guidance regarding encrypted passwords on an HP-UX Unix system. In an /etc/passwd file, does the character combination “,..” represent a disabling password much like “*” or is it a default? This password occurs numerous times in the passwd file, mainly for non-system logins.

An example entry would be:

uuser:,..:376:20:Anon User:/users/uuser:/usr/bin/ksh

Any help would be much appreciated. Thanks.
John Patrick_2
New Member

Re: Unknown password characters

Sorry, it is a formatting error.

The encrypted password I'm looking at is: ,..
RAC_1
Honored Contributor

Re: Unknown password characters

passwd -s "user_name"
or
passwd -a

Should give you details about whether the account is locked or not. No need to look at what the encrypted password looks like.

In a trusted environment, in addition to the above commands, you can also use getprpw -m lockout "user_name". Read the man pages for details.

Anil

There is no substitute to HARDWORK
Mel Burslan
Honored Contributor
Solution

Re: Unknown password characters

,.. in the encrypted password field means that the user, when logging in the first time, is not required to enter a password but should pick a new password upon first login.

And it worked for untrusted systems, but when I tried it on a trusted system, it does not seem to work. To have the same effect on trusted systems, the password should be blanked out totally.

Hope this helps
________________________________
UNIX because I majored in cryptology...
DCE
Honored Contributor

Re: Unknown password characters

The ,.. is for password aging. It represents the number of days left before the password expires.
Steven E. Protter
Exalted Contributor

Re: Unknown password characters

passwd -sa provides a complete report.

pwck

# checks the passwd file

grpck

# checks the group file

Some errors for the Samba user are okay.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
A. Clay Stephenson
Acclaimed Contributor

Re: Unknown password characters

Actually, any passwd hash that is not exactly 13 characters long or 0 chars long in the case of the null password is invalid. By convention, the '*' (asterisk) is used to lock an account on untrusted systems but any other non-13 character hash would also serve to lock the account on an untrusted system.
If it ain't broke, I can fix that.
generic_1
Respected Contributor

Re: Unknown password characters

You may want to consider going to trusted. It is more secure. It will give you more control over your accounts as well.

The encrypted password is kept in /tcb/files/auth/r/root for root, for example.

/usr/lbin/getprpw root
would show if root is locked by looking at the alock= field; anything but all 0s is locked. Each digit represents a placeholder for why the account was locked, which is pretty cool too.

Bill Hassell
Honored Contributor

Re: Unknown password characters

As mentioned, the password field contents very much depend on whether you have a standard, a Trusted, or a shadow password system. Starting with a standard system, the comma , means beginning of password aging. The two periods .. as the only characters represent immediate expiration. So if the passwd file has this:

billh:,..:100:20:Bill Hassell,IT Dept,x148...

Then when I login as billh, no password is required (there is nothing in front of the comma) and the login program will ask me to pick a new password.

If there is anything in front of the comma, it must be exactly 13 characters. Anything less and *NO* password will match that string, thus the account is unusable. By convention, a * is often used to 'lock' an account although it just means you can't log in ever, until a valid encrypted password string is put in front of the comma.

And note that the comma is optional. If present, the characters following the comma are defined in the man page for passwd(4) (hint: man 4 passwd). These 4 characters define the expiration and renewal days.

Now forget all of that for a Trusted system. The passwd file will have 100% * characters in every account and the password aging is now stored in the TCB database.


Bill Hassell, sysadmin
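
The field rules described in this thread for a standard (untrusted) passwd file, as an added example that is not part of any poster's reply: a POSIX sh classifier that flags entries such as ,.. which allow a login with no password. The function names, state labels and sample entries (apart from the uuser line quoted in the question) are constructed for illustration.

```sh
# Added example: classify password fields of a standard (untrusted) passwd file.
# On a Trusted system every field is "*" and this check does not apply.

# Print a state for one password field of the form hash[,aging].
classify_pw_field() {
    field=$1
    case $field in
        *,*) hash=${field%%,*}            # text in front of the first comma
             [ "${field#*,}" = ".." ] && suffix=+EXPIRED || suffix=+AGING ;;
        *)   hash=$field; suffix= ;;      # the comma is optional
    esac
    if [ -z "$hash" ]; then
        state=NO_PASSWORD                 # nothing in front of the comma
    elif [ "${#hash}" -eq 13 ]; then
        state=HASH                        # exactly 13 characters
    else
        state=LOCKED                      # e.g. "*": no password can match
    fi
    printf '%s%s\n' "$state" "$suffix"
}

# Read passwd lines on stdin and print "user state" for each entry.
audit_passwd() {
    while IFS=: read -r user pw rest; do
        printf '%s %s\n' "$user" "$(classify_pw_field "$pw")"
    done
}

# Print only the accounts that can log in without supplying a password.
passwordless_users() {
    audit_passwd | while read -r user state; do
        case $state in NO_PASSWORD*) printf '%s\n' "$user" ;; esac
    done
}

# Constructed sample; only the uuser line comes from the question above.
sample_passwd() {
    cat <<'EOF'
uuser:,..:376:20:Anon User:/users/uuser:/usr/bin/ksh
alice:0123456789abc:401:20::/users/alice:/usr/bin/sh
bob:0123456789abc,..:402:20::/users/bob:/usr/bin/sh
svc:*:403:20::/users/svc:/usr/bin/false
guest::404:20::/users/guest:/usr/bin/sh
EOF
}

sample_passwd | passwordless_users
```

On a real standard system the same check would be run as `passwordless_users < /etc/passwd`.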