Questions tagged [shadow]

Shadow passwords is a security feature commonly used on Unix and Linux systems.

Unix and Linux systems store passwords as salted hash values. Historically these were stored in /etc/passwd along with other user information. For security reasons most systems have since moved the passwords to /etc/shadow such that only privileged programs have access to the hashed passwords. Some systems are using a group named shadow to manage access to this file.

29 questions
21
votes
3 answers

useradd not encrypting passwords in /etc/shadow

I stumbled accross this problem when trying to create new FTP users for vsftpd. Upon creating a new user with the following command and attempting login with FileZilla, I would get an "incorrect password" error. useradd f -p pass -d /home/f -s…
BadToTheBone
  • 369
  • 1
  • 3
  • 9
10
votes
6 answers

How should someone create an encrypted password for /etc/shadow?

I am setting up a new account on a Linux box for Subversion repository access, and can send the password to the new user. However, I think there was a command line utility for this new user to encrypt the password he likes into a format I can…
Egon Willighagen
  • 221
  • 1
  • 2
  • 5
10
votes
1 answer

How to generate a /etc/shadow compatible password for Ubuntu 10.04?

How are passwords generated that are used by Ubuntu 10.04? I know that they use SHA 512 as hashing algorithm, but I figure that there is some sort of salting done. I need to generate such a password myself. How can I do that? Is there a command line…
t6d
  • 507
  • 2
  • 5
  • 12
7
votes
3 answers

How are the hashes in /etc/shadow generated?

I was reading the Wikipedia article on the shadow file and it mentioned the format of the lines is like this: $id$salt$hashed So, my question is, how does it work? I tried to calcualte the hash for my own account to which I had the password so I…
Navid
  • 171
  • 1
  • 2
7
votes
3 answers

What is the `shadow` group used for?

On my Ubuntu 9.10 system, there's a shadow system group. There does not appear to be any user assigned to this group at all. The only files that I can find belonging to this group are /etc/shadow and /etc/gshadow. I'm aware that the purpose of these…
Shtééf
  • 1,225
  • 2
  • 12
  • 19
6
votes
4 answers

Is there a way to prevent password expiration when user has no password?

Okay, we all care about security so users should change their passwords on a regular basis (who said passwords are like underwear?). On redhat and centos (5.x and 6.x), it's possible to make every real user password expires after 45 days, and warn…
user130370
5
votes
1 answer

PAM vs /etc/shadow in Dovecot SASL configuration - Security differences?

I set up a server with Postfix SMTP auth through Dovecot SASL. However, it was not possible to get the PAM authentification working as standard out of the box. So more by chance, I changed it to the shadow driver as explained in Dovecot…
smartmic
  • 151
  • 4
3
votes
1 answer

NIS: which mechanism hides shadow.byname for unpriviledged users?

On some Linux box (SLES 11.1) which is a NIS client I can do as root: ypcat shadow.byname and get output, i.e. some lines with the encrypted passwords, amongst other information. On the same Linux box, if I run the same command as unpriviledged…
3
votes
2 answers

MySQL: Permit user to change his/her _own_ password

On a webserver there is a MySQL-service running, providing databases for the users of the server. Each user has it's own DB and it's own password and the right so INSERT/SELECT/UPDATE/DROP tables in it's own DB, but nothing more. However, i want to…
2
votes
1 answer

Disabling logging in as root via kickstart? Advice recommendations?

This is a two part question. Firstly, I am just looking to validation, if I am doing this correctly since I am not sure how to test this. The goal is to disallow the login of the root account and have everyone use sudo. To achieve this, I am putting…
Alex Mikhaelson
  • 107
  • 1
  • 2
  • 7
2
votes
2 answers

Migrate user and passwords to new linux box

I am trying to migrate old Centos 4.3 box to Centos 7. I have followed the migration steps from an article published way long back on http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. At the time of configuring…
Silkograph
  • 197
  • 2
  • 14
2
votes
2 answers

passwd: Authentication token manipulation error

I am running a Ubuntu 12 machine, and have recently been working to secure it. I made all the changes from this guide. I am not running a Linode, but I used these as a starting point for setting up the firewall and such. All went smoothly, and I…
The_Anomaly
  • 131
  • 1
  • 2
1
vote
1 answer

Add a second /etc/passwd + /etc/shadow + /etc/group combination

Is it possible to add a second /etc/passwd + /etc/shadow + /etc/group combination like this to a linux system? /etc/passwd /etc/passwd2 /etc/shadow /etc/shadow2 /etc/group /etc/group2 During authentication process PAM should use all of this…
erunima
  • 21
  • 2
1
vote
2 answers

try to lock password but have no entry in /etc/shadow

Goal: Maintaining a former colleagues system, I want to lock all password logins in order to only allow ssh key based logins. Infos: The CentOS 6.5 system does not offer any network based authentication features (no Kerberos, ldap, gssapi etc.,…
MarkHelms
  • 171
  • 5
  • 15
1
vote
1 answer

Linux to Samba Automatical Password Synchonization

Nothing found at all on the Net: I'm looking up for an automatical synchonization of linux to samba (NOT Samba to Linux) passwords. I wrote a cgi web form that changes this password directly in the shadow file, using a crypted password (for security…
1
2