Security Basics mailing list archives
Re: Password strength on UNIX
From: mini.pub.buntoo () hotmail com
Date: Wed, 31 Dec 2008 19:38:22 -0700
As in scenario 1 : You, as the UNIX Admin, are most likely the responsible of defining the policies related to user accounts within your UNIX env. Most likely w/o any restriction you can look into the usuall /etc/{^[passwd]} family files for ie. shadow enabled, suid, guid, passord sets re usable, if an actual password have been defined for users, locking/pre and post expiration warning policies. And before using kind of specialized tools, as you carefully mentionned, would build a [$USERNAME==$PASSWORD] hash list and compare it with their respective. the man -k passwd listing would give you quite few type of auditing point you verify But if you are looking for the actual values well as mentionned john the ripper and rainbow hash tables can provide you the information in a matter of time. Regards
Current thread:
- Re: Password strength on UNIX mini . pub . buntoo (Jan 02)
- <Possible follow-ups>
- Re: Password strength on UNIX Jon Kibler (Jan 02)
- Re: Password strength on UNIX Kurt Buff (Jan 05)