Security Basics mailing list archives

Re: Password strength on UNIX


From: mini.pub.buntoo () hotmail com
Date: Wed, 31 Dec 2008 19:38:22 -0700

As in scenario 1:

You, as the UNIX Admin, are most likely the one responsible for defining the policies related to user accounts within your 
UNIX env.  Most likely w/o any restriction you can look into the usual /etc/{^[passwd]} family files for, i.e., shadow 
enabled, suid, guid, password sets reusable, if an actual password has been defined for users, locking/pre and post 
expiration warning policies.

And before using kind of specialized tools, as you carefully mentioned, would build a [$USERNAME==$PASSWORD] hash list 
and compare it with their respective. The man -k passwd listing would give you quite a few types of auditing points you 
can verify.

But if you are looking for the actual values, well, as mentioned, john the ripper and rainbow hash tables can provide you 
the information in a matter of time.

Regards
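
The file-level checks listed in the message above (shadow enabled, password actually defined, locking, pre- and post-expiration policy), as an added example that is not part of the original post. The sample lines are constructed, the 90-day limit and the finding names are assumptions, and reading the shadow warn and inactive fields as the "pre and post expiration" policies is an interpretation.

```python
# Added example: audit passwd/shadow-format text for the points named in the post.
# Sample data is constructed; on a real host, read /etc/passwd and /etc/shadow as root.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
bob:ab12cdEFgh34i:1001:1001::/home/bob:/bin/sh
carol:x:1002:1002::/home/carol:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:14244:0:90:7:14::
alice::14244:0:99999:7:::
carol:!$6$constructedsalt$constructedhash:14244:0:99999::::
"""

def audit(passwd_text, shadow_text, max_age_limit=90):
    """Return (user, finding) pairs; max_age_limit (days) is an assumed policy value."""
    findings = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        # Field 2 of passwd is "x" when the hash lives in the shadow file.
        if len(f) == 7 and f[1] != "x":
            findings.append((f[0], "not-shadowed"))
    for line in shadow_text.splitlines():
        f = line.split(":")
        if len(f) != 9:
            continue  # malformed line, skipped in this sketch
        name, pw, _last, _min, max_age, warn, inactive = f[:7]
        if pw == "":
            findings.append((name, "empty-password"))
        elif pw[0] in "!*":
            findings.append((name, "locked"))
            continue  # aging settings do not matter for a locked account
        if not max_age or int(max_age) > max_age_limit:
            findings.append((name, "no-effective-expiry"))
        if not warn or int(warn) == 0:
            findings.append((name, "no-expiry-warning"))
        if not inactive:
            findings.append((name, "no-post-expiry-lock"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```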

