I want to know the reason behing the scene why some systems have hashed password in /etc/shadow file as "x" not the alienoid language like A1Dksxi3kaA.. (13 characters)
As far as I understand, etc/password will show password as "x" and move all hashed password to etc/shadow. However, I do not know why in shadow have "x" in hashed passoword again. Are there any second shadow of shadow ???
one more question please,
sometime hashed password in etc/shadow is an readable words and it is not 13 characters i.e. abc123 I'm doubt that this user cannot login with password "abc123" for sure but I do not know why these users have strange hashed password?
In Oracle, this kind called "imposible password" (like user anonymous have hashed password anonymous) which mean that no one can log in with account anonymous since the hash contain character than heximal range.) however, in Oracle I can identify password directly but I'm not sure how to identify password "abc123" directly in shadow file in Unix. Can I just use vi to edit that ??
[sorry for mistake, I edit something since I posted it wrong] change from etc/passwd >> etc/shadow
Thank you very much Incredible,
That's mean administrator of the system edit the etc/shadow file and delete the hash and replace it with 'x' or 'abc123'.
So, these user will be prevented from login since it is impossible to insert any password and encrypt it equal to 'x' or 'abc123'. Do I understand correct, please?
In case you need to disable user from loggiing in, you can use *LK* to set in the passwd file. And sorry for earlier typo, the NP should be in the passwd file as well. If you want to remove the encrypted passwd, you will need to remove the :123GFvVgvgus657vYF: to :: . That's all
Sorry to disturb you again, Incredible. I want to make sure that I understand it correctly.
If shadow file say
john:1$1GFvVgvgus657vYF:::::: >> this is show the hashed password.
abel:123abc::::::: >> this should mean someone edit the shadow file and replace hashed password with 123abc.
well.. I still doubt that why they need to edit it to 123abc ??? are there any myth hidden behind?
Nope, the abc123 is not a password and will never work. somebody probably could have "just editted" it to prevent the user from not logging in again I guess, that's all. Anyway, it would be the wrong way to do so. Never ever attempt to edit the passwd/shadow files by hand, unless you are sure ofno typo mistakes and you're aware of what you're doing.
So, normally, the practice we use to prevent user from login the Solaris, just remove the password and it'll show *NP* (or lock that account, *LK*). Thank you very much again one more time
As the adminitrator of the system with root access you may change any users password (needed for when the user has forgotten) by running:
# password username
You will be prompted for a new password but not the user's old password, therefore you do not need to edit the /etc/shadow file to change a users password.
Changing a users password field in /etc/shadow to "::" means they may log on without providing a password, not good!
Using the shadow file was just meant to be a temp solution (quick and dirty). Pls do see the other recommendations which I provided. This problem was raised due to the Permission denied error. Not because that the PL did not know how to change a user password. Fyi.
