Chapter 6. Securing Linux
results in the passwd command prompting you for joe's new password. It does not prompt you for the user's old password, so that root can reset a user's password when that user has forgotten it (an event that happens all too often).

Using a Password File

In early versions of UNIX, all user account and password information was stored in a single file that every user could read (although only root could write to it). This was generally not considered a problem because the passwords themselves were never stored: each one was run through a one-way hashing function (the crypt(3) routine; older texts loosely call it a "trapdoor algorithm"), and only the resulting scrambled string was written to the file. A one-way function cannot be run backwards, so the scrambled string cannot be turned back into the password.

How does the system check your password in this case? When you log in, the system runs the password you typed through the same function, compares the result with the string stored in the password file, and grants you access only if the two match. The stored string also carries a small random salt that is mixed into the hash along with the password, so that two users who pick the same password get different stored strings, and a table of precomputed hashes cannot be reused against every account.

Have you ever asked a system administrator what the password on your account is, only to hear "I don't know" in response? This is why: the administrator really doesn't have the password, only the hashed version. The clear-text password exists only at the moment you type it.

Breaking Encrypted Passwords

There is a problem with letting people see even the hashed passwords. Although reversing a one-way function may be infeasible, it is very easy to hash a large number of password guesses and compare each result with the hashes in the password file. This is orders of magnitude more efficient than attempting real logins for each user name and password: the attacker works offline, limited only by how fast the hashing function runs, with no login delays, lockouts or log entries to worry about. If a cracker can get a copy of your password file, the cracker has a much better chance of breaking into your system. Fortunately, Linux and all modern UNIX systems support a shadow password file, and use it by default.
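The login check and the offline guessing attack described above, as an added Python example (this is not code from the book). The storage format "salt$hash", the SHA-256 construction, the salt size and the wordlist are assumptions made for the example; real UNIX systems use the crypt(3) family of formats, but the verify-by-rehashing and guess-by-rehashing logic is the same.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Toy stored-password scheme for illustration: hash = SHA-256(salt + password),
# stored as "salt$hash".  This format is an assumption for the example; it is
# not the crypt(3) format real UNIX systems use.


def hash_password(password: str, salt: str) -> str:
    """One-way function: the stored string, never reversible to the password."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[str] = None) -> str:
    """What the system stores: the salt in clear plus the one-way hash."""
    if salt is None:
        salt = secrets.token_hex(4)  # random per-account salt
    return f"{salt}${hash_password(password, salt)}"


def check_login(record: str, attempt: str) -> bool:
    """What login does: re-hash the typed password with the stored salt and compare."""
    salt, stored = record.split("$", 1)
    # compare_digest avoids leaking how many characters matched through timing
    return hmac.compare_digest(stored, hash_password(attempt, salt))


def dictionary_attack(record: str, wordlist: Iterable[str]) -> Optional[str]:
    """What a cracker does with a stolen record: hash guesses offline until one matches."""
    salt, stored = record.split("$", 1)
    for guess in wordlist:
        if hash_password(guess, salt) == stored:
            return guess
    return None


# Constructed wordlist for the example; a real attack uses millions of entries.
WORDLIST = ["123456", "password", "letmein", "qwerty", "joe", "summer2020"]

if __name__ == "__main__":
    weak = make_record("letmein")
    strong = make_record("Xk3#v9!pQ2mz")
    print(check_login(weak, "letmein"))         # True
    print(dictionary_attack(weak, WORDLIST))    # letmein
    print(dictionary_attack(strong, WORDLIST))  # None
```

Two things the example makes visible: the attack never touches the login program, so nothing on the victim system records the guesses, and its speed is set entirely by the hash function. That is why modern password hashes (bcrypt, sha512crypt with many rounds) are deliberately slow, and why the hashes must be kept out of any file ordinary users can read.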
The shadow file is a companion to the passwd file that only root can read. It holds the hashed password information, so the hashes can be left out of the passwd file, which every user on the system can read. Linux supports the older, single-file method as well as the newer shadow password file. You should always use the shadow password file (it is the default).

Checking for the Shadow Password File

The password file is named passwd and is in the /etc directory. The shadow password file is named shadow and is also in /etc. If /etc/shadow is missing, your Linux system is probably storing the password hashes in /etc/passwd instead. Verify this by displaying the file with the less command:

# less /etc/passwd

Each line describes one account, with seven colon-separated fields; the second field is the password field. On a system using shadow passwords it contains only an x, meaning the hash is in /etc/shadow. A locked system account shows * (or on some systems !) there. If you see a longer scrambled string instead, that is a password hash sitting in a world-readable file, and the pwconv command will move the hashes into /etc/shadow. An empty second field means the account can log in with no password at all and should be fixed immediately.
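The same check done programmatically, as an added Python example (not code from the book), so it can be run over a whole file rather than read by eye. It classifies the second field of each passwd-style record: x means the hash has been moved to /etc/shadow, * or ! marks a locked account, an empty field means no password is required, and anything else is a hash sitting in a world-readable file. The sample records are constructed for the example; the 13-character string on the olduser line is a made-up DES-crypt-style value, not a real hash.

```python
from typing import Dict, List

# Constructed sample in /etc/passwd format (not taken from a real system).
# The "olduser" line carries a made-up 13-character DES-crypt-shaped string,
# the kind a pre-shadow system would store directly in passwd.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
joe:x:1000:1000:Joe User:/home/joe:/bin/bash
olduser:abJnggxhB/yWI:1001:1001:Legacy account:/home/olduser:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:!:4:65534:sync:/bin:/bin/sync
"""


def classify_password_field(field: str) -> str:
    """Map the second passwd field to what it means for security."""
    if field == "x":
        return "shadowed"        # hash lives in /etc/shadow
    if field == "":
        return "no-password"     # login succeeds with no password at all
    stripped = field.lstrip("!")  # leading "!" marks a locked account
    if stripped in ("", "*"):
        return "locked"          # no hash at all; password login disabled
    # A real hash, even behind a "!" lock, is still crackable offline.
    return "hash-exposed"


def audit_passwd(text: str) -> Dict[str, str]:
    """Return {username: status} for every record in passwd-format text."""
    result: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        result[fields[0]] = classify_password_field(fields[1])
    return result


def needs_attention(text: str) -> List[str]:
    """Accounts whose hash is readable by everyone, or that need no password."""
    return sorted(user for user, status in audit_passwd(text).items()
                  if status in ("hash-exposed", "no-password"))


if __name__ == "__main__":
    for user, status in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{user:10s} {status}")
    print("fix these:", needs_attention(SAMPLE_PASSWD))
```

On a live system, call audit_passwd(open("/etc/passwd").read()); an empty list from needs_attention means every account is either shadowed or locked, which is what a correctly configured Linux system shows.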