[K12OSN] finding user passwords
Gary Frederick
gary.frederick at jsoft.com
Thu Nov 11 13:30:01 UTC 2004
Howdy,
Would it be better to just change the password as root?
I would not be comfortable with cracking someone's password.
Gary
Martin Woolley wrote:
> On Thursday 11 Nov 2004 10:24 am, Will Hatch wrote:
>
>>I have a disgruntled student who changed his user password and will not
>>tell faculty what it is. I can access his home directory from root I know,
>>but would still like to find out this password. How do I do this? I have
>>locked his account out. Also, is there a way to make it so they cannot
>>change their password? thanks!
>
>
> John the Ripper will crack a password, provided the cunning user hasn't made
> it too complex. For instance, I think John will find lem0n but it won't find
> h2so4. www.openwall.com/john Why bother to crack it? Just change it to
> something that you know.
>
> I don't know how you can prevent the user from changing their password, but
> that doesn't mean that there isn't one. One solution is to write a script
> that calls /usr/sbin/chpasswd ; this needs an input file of :
> username:password
> You can call this from cron so that it will constantly change the users
> password back, or you could write a C wrapper to call it from .bash_logout
> for the user, or you could use sudo to achieve the same thing, making the
> permissions script that you call from .bash_logout 711 .
More information about the K12OSN
mailing list