The encrypted password files have more restrictive permissions than /etc/passwd or /etc/group; only the root user is allowed to view these files, and they are not writable by default.
However, these additional efforts from Red Hat may not do much good unless users select, and administrators allot, strong passwords. A program named “CRACK” can be used to check the strength of a password. A version of it is available as part of the cracklib* RPM package.
Simple passwords based on dictionary words or a simple recognizable pattern such as abcd can easily be deciphered by a password-cracking program within minutes. A strong password should comprise upper and lower case letters and numbers; such a password can take up to weeks for a program to decipher.
Example:
“I ran a mile in 3 minutes on Wednesday”
“Irani3moW” can be your password.
Two commands can be used for converting user passwords in the shadow password suite:
1. pwconv:
It converts the passwords already existing in /etc/passwd and replaces each one with “x”; the encrypted password, together with the username and other information, is transferred to the /etc/shadow file.
If new users are added by editing the /etc/passwd file, run this command again. This works even if other passwords are already encrypted in /etc/shadow.
2. pwunconv:
It transfers the passwords back to /etc/passwd and deletes the /etc/shadow file. Be careful when using it, because it also deletes any password-aging information otherwise saved in /etc/shadow.
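The check below is an added example, not part of the original post: it lists accounts that still need a pwconv run, either because their /etc/passwd password field is not “x” or because they have no line in /etc/shadow. The function names unshadowed_accounts and demo, and the sample accounts and hashes, are constructed for illustration.

```shell
# Added example: list accounts that pwconv has not converted.
# Usage: unshadowed_accounts [passwd_file] [shadow_file]
# Reading the real /etc/shadow needs root.
# Returns 0 if every account is shadowed, 1 if any account was reported.
unshadowed_accounts() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    # After pwunconv the shadow file is gone: treat that as "no shadow entries".
    [ -e "$shadow_file" ] || shadow_file=/dev/null
    awk -F: '
        $0 == "" || /^#/   { next }                    # skip blanks and comments
        src == "shadow"    { shadowed[$1] = 1; next }  # users with a shadow entry
        $2 != "x"          { print $1 ": password field in passwd is not x"; bad = 1; next }
        !($1 in shadowed)  { print $1 ": no entry in shadow"; bad = 1 }
        END                { exit bad + 0 }
    ' src=shadow "$shadow_file" src=passwd "$passwd_file"
}

# Constructed sample data, not real accounts or hashes: alice was converted,
# bob was added by hand-editing passwd, carol has "x" but no shadow line.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:$1$constructed$hash:1001:1001::/home/bob:/bin/bash' \
        'carol:x:1002:1002::/home/carol:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'root:$6$constructed$hash:19000:0:99999:7:::' \
        'alice:$6$constructed$hash:19000:0:99999:7:::' > "$dir/shadow"
    rc=0
    unshadowed_accounts "$dir/passwd" "$dir/shadow" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Source the file and run demo to see the two flagged sample accounts, or run unshadowed_accounts as root to audit the live files.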