[K12OSN] finding user passwords
Martin Woolley
sysadmin at handsworth.bham.sch.uk
Thu Nov 11 12:09:49 UTC 2004
On Thursday 11 Nov 2004 10:24 am, Will Hatch wrote:
> I have a disgruntled student who changed his user password and will not
> tell faculty what it is. I can access his home directory from root I know,
> but would still like to find out this password. How do I do this? I have
> locked his account out. Also, is there a way to make it so they cannot
> change their password? thanks!
John the Ripper will crack a password, provided the cunning user hasn't made
it too complex. For instance, I think John will find lem0n but it won't find
h2so4. www.openwall.com/john Why bother to crack it? Just change it to
something that you know.
I don't know how you can prevent the user from changing their password, but
that doesn't mean that there isn't one. One solution is to write a script
that calls /usr/sbin/chpasswd ; this needs an input file of :
username:password
You can call this from cron so that it will constantly change the users
password back, or you could write a C wrapper to call it from .bash_logout
for the user, or you could use sudo to achieve the same thing, making the
permissions script that you call from .bash_logout 711 .
--
Regards
Martin Woolley
ICT Support
Handsworth Grammar School
Isis Astarte Diana Hecate Demeter Kali Inanna
*************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this email
in error please notify postmaster at bgfl.org
The views expressed within this email are those of the
individual, and not necessarily those of the organisation
*************************************************************
More information about the K12OSN
mailing list