M.C. Vernon wrote: > On Tue, 1 Dec 1998, Mitch Blevins wrote: > > > M.C. Vernon wrote: > > > On Tue, 1 Dec 1998, Patrick RICHARD wrote: > > > > > > > I choose the shadow mode and I create the new users with the command > > > > "adduser" > > > > > > Can you post /etc/passwd and /etc/group, please? > > > > Please post your private PGP key and pass phrase also. ;) > > Red herring. If he uses shadow passwords, then the password field mearly > contains an x. If he doesn't, then it is only a one-way hash. Having said > that, he claims to use shadow, so this shouldn't matter. This is true. It escaped me that he was using shadow mode. Let's hope he is right about that. The one-way hashes would be easily brute-forced with a local copy of them. <anecdote> At my company, they are building a new samba password file based on the passwords of the unix accounts. Just running crack on a spare machine, we've gotten 95% of the passwords without having to ask the users to re-set their passwords for samba (wouldn't want to bother them too much) </anecdote> -Mitch
Attachment:
pgpKwtmPWy21y.pgp
Description: PGP signature