Re: bad user passwords (93 Views)
Reply
Regular Advisor
Don Bentz
Posts: 131
Registered: ‎07-20-1998
Message 1 of 4 (93 Views)

bad user passwords

Is there a way I can determine if a user is logging in with a particular (i.e., default) password? Would I have to use a program like "crack" to determine this?
Insecurity is our friend. It keeps you dependent.
Acclaimed Contributor
A. Clay Stephenson
Posts: 17,825
Registered: ‎07-16-1998
Message 2 of 4 (93 Views)

Re: bad user passwords

Hi Don,

No there is no way to determine what plaintext
password is using. Crack MAY be able to guess.
The only way to do this would be to code a replacement for login.

Regards, Clay
If it ain't broke, I can fix that.
Honored Contributor
Patrick Wallek
Posts: 13,784
Registered: ‎06-21-2000
Message 3 of 4 (93 Views)

Re: bad user passwords

The only way you could determine if a passwd has changed is to keep a copy of the passwd file and do a diff against it. That way you will know when the passwords change. If you know when a user is created, make a copy and then check periodically to see if / when the user changes the password.
Honored Contributor
Wieslaw Krajewski
Posts: 349
Registered: ‎03-07-2001
Message 4 of 4 (93 Views)

Re: bad user passwords

Hi,

To be sure that an user will change the default password is to force him to change the password during the next login. To this purpose it is necessary to add in the second field of the respective line in the /etc/passwd file ",.." after encrypted password.

Rgds.
Permanent training makes master
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.