Recipe 9.3 Finding Accounts with No Password

9.3.1 Problem

You want to detect local login accounts that can be accessed without a password.

9.3.2 Solution

# awk -F: '$2 == "" { print $1, "has no password!" }' /etc/shadow

9.3.3 Discussion

The worst kind of password is no password at all, so you want to make sure every account has one. Any good password-cracking program can be employed here they often try to find completely unprotected accounts first but you can also look for missing passwords directly.

Encrypted passwords are stored in the second field of each entry in the shadow password database, just after the username. Fields are separated by colons.

Note that the shadow password file is readable only by superusers.

9.3.4 See Also

shadow(5).



Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net