HPE Community
Operating System - Linux
1839690 Members
2332 Online
110153 Solutions
New Discussion

Linux user password security

 
Michael Williams_6
Trusted Contributor

‎03-08-2005 03:02 AM

‎03-08-2005 03:02 AM

Linux user password security

Hello all!

I'm currently in the middle of a project to port a SCO based NIS server to Linux (unfortunately LDAP didn't quite work for me, but that's another story!)

I'd like to verify that our users are indeed using secure passwords in line with our IT policy. I've found a password cracker, but it's pretty lame and pretty slow.

I'd like to find a tool that will systematically go through our NIS domain (or take a copy of the raw files) and try to crack the password, if it fails to do so in say 30 seconds, then the password is ok.

Does anyone know of any mechanism to do this?
0 Kudos
Reply
2 REPLIES 2
Dave Falloon
Trusted Contributor

‎03-08-2005 03:14 AM

‎03-08-2005 03:14 AM

Re: Linux user password security

I've used john the ripper to crack passwords, its fast and can read a passwd file.

http://www.openwall.com/john/

I would also look into using pam's cracklib.so, I don't remember if it works over NIS though.

I hope that helps

--Dave
Clothes make the man, Naked people have little to no effect on society
0 Kudos
Reply
Michael Williams_6
Trusted Contributor

‎03-08-2005 03:18 AM

‎03-08-2005 03:18 AM

Re: Linux user password security

Hi Dave,

"John" was actually the password cracker I was using, it was pathetic! Took ages to find the password "password" on 8 users and only found 15 in 6 hours...

I'm running on a 3.6Ghz G4 server, so expect this to be a little quicker, maybe I had the command line wrong, can you tell me what the command line you used was to pick up the password (assuming you're still using it of course!)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.