[K12OSN] finding user passwords

Burke Almquist balmquist at mindfirestudios.com
Thu Nov 11 12:36:41 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

chmod passwd so it is only executable by root and the administrative 
group?

On Nov 11, 2004, at 6:09 AM, Martin Woolley wrote:

> On Thursday 11 Nov 2004 10:24 am, Will Hatch wrote:
>> I have a disgruntled student who changed his user password and will 
>> not
>> tell faculty what it is.  I can access his home directory from root I 
>> know,
>> but would still like to find out this password.  How do I do this? I 
>> have
>> locked his account out.  Also, is there a way to make it so they 
>> cannot
>> change their password?  thanks!
>
> John the Ripper will crack a password, provided the cunning user 
> hasn't made
> it too complex.  For instance, I think John will find lem0n but it 
> won't find
> h2so4.  www.openwall.com/john  Why bother to crack it?  Just change it 
> to
> something that you know.
>
> I don't know how you can prevent the user from changing their 
> password, but
> that doesn't mean that there isn't one.  One solution is to write a 
> script
> that calls /usr/sbin/chpasswd ; this needs an input file of :
> username:password
> You can call this from cron so that it will constantly change the users
> password back, or you could write a C wrapper to call it from 
> .bash_logout
> for the user, or you could use sudo to achieve the same thing, making 
> the
> permissions script that you call from .bash_logout 711 .
> -- 
> Regards
> Martin Woolley
> ICT Support
> Handsworth Grammar School
> Isis Astarte Diana Hecate Demeter Kali Inanna
>
>
>
> *************************************************************
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual or entity
> to whom they are addressed. If you have received this email
> in error please notify postmaster at bgfl.org
>
> The views expressed within this email are those of the
> individual, and not necessarily those of the organisation
> *************************************************************
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iEYEARECAAYFAkGTXNkACgkQfqZR3ThMfXQPWQCfdYA5jHNUxCTz67mHB4IfjFf4
YiAAnjO4SVLics5hE4YwfhAQyxoE6tdo
=VQJ5
-----END PGP SIGNATURE-----

More information about the K12OSN mailing list