[K12OSN] finding user passwords

[Martin Woolley]

On Thursday 11 Nov 2004 10:24 am, Will Hatch wrote:
> I have a disgruntled student who changed his user password and will not
> tell faculty what it is.  I can access his home directory from root I know,
> but would still like to find out this password.  How do I do this? I have
> locked his account out.  Also, is there a way to make it so they cannot
> change their password?  thanks!

John the Ripper will crack a password, provided the cunning user hasn't made 
it too complex.  For instance, I think John will find lem0n but it won't find 
h2so4.  www.openwall.com/john  Why bother to crack it?  Just change it to 
something that you know.

I don't know how you can prevent the user from changing their password, but 
that doesn't mean that there isn't one.  One solution is to write a script 
that calls /usr/sbin/chpasswd ; this needs an input file of :
username:password
You can call this from cron so that it will constantly change the users 
password back, or you could write a C wrapper to call it from .bash_logout 
for the user, or you could use sudo to achieve the same thing, making the 
permissions script that you call from .bash_logout 711 .  
-- 
Regards
Martin Woolley
ICT Support
Handsworth Grammar School
Isis Astarte Diana Hecate Demeter Kali Inanna



*************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify postmaster at bgfl.org

The views expressed within this email are those of the 
individual, and not necessarily those of the organisation
*************************************************************