[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] [Mips] Are these Passwords Shadowed?
- Subject: Re: [cobalt-users] [Mips] Are these Passwords Shadowed?
- From: Colin Smith <colin@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue Dec 5 17:34:51 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sun, 3 Dec 2000, James Hoaggs wrote:
> ---- "H.P. Stroebel" <hpstr@xxxxxxxxxxxxx> wrote:
> > James Hoaggs schrieb:
> >
> > > 1) Are these passwords shadowed?
> > > root:9E8yTJJJJJfdW:0:0:Root:/root:/bin/sh <changed some for >>>protection
> >>admin:9E8yTJJJJJfdW:110:100:Administrator:/home/users/admin:/bin/bash
> >
> > no.
> >
> > > 2) If not, how does one go to shadow them. I can not find a /etc/shadow
> > > file, and the /etc/passwd has these permissions:
> > > -rw-r--r-- 1 root root 1311 Dec 1 04:04 passwd
> [snip]
> > for this reason, passwords are normally shadowed, as /etc/shadow does
> > not have to be world readable.
> > that makes it harder to gain the (encrypted) passwords >from /etc/passwd
> > and to run a brute force dictionary attack against them.
>
> Ok, since these passwords are not shadowed, then as other have mentioned,
> the Qube2 should be used "for non-critical purposes and certainly (s)ould
> not put any important data on it." I.E. not for a business, merely a
> backdoor server for scriptkiddies, government hacks, bored cobalt employees,
> and other luser market researchers to play and root around with?
I've had a look at the pam config on my Qube and it looks like the
libraries support shadow passwords. In addition, the shadow tools exist on
the system.
If you want to I suspect you could enable shadow passwords on the system.
However, be aware that if you don't know what you're doing then it's a
very good way to totally hose all access to the box.
>
>
--
regards,
Colin.