[K12OSN] Re: finding user passwords

[Frank Samuelson]

Gary is correct.  Knowing a user's password is extraneous information.
If you have root you can access all his information and set
the password to whatever you want.  Who cares what the password is?
That's useless knowledge.

If he's using a password to encrypt certain files, then
you're just out of luck.


Gary Frederick wrote:
> Howdy,
> 
> Would it be better to just change the password as root?
> 
> I would not be comfortable with cracking someone's password.
> 
> Gary
> 
> Martin Woolley wrote:
> 
>> On Thursday 11 Nov 2004 10:24 am, Will Hatch wrote:
>>
>>> I have a disgruntled student who changed his user password and will not
>>> tell faculty what it is.  I can access his home directory from root I 
>>> know,
>>> but would still like to find out this password.  How do I do this? I 
>>> have
>>> locked his account out.  Also, is there a way to make it so they cannot
>>> change their password?  thanks!
>>
>>
>>
>> John the Ripper will crack a password, provided the cunning user 
>> hasn't made it too complex.  For instance, I think John will find 
>> lem0n but it won't find h2so4.  www.openwall.com/john  Why bother to 
>> crack it?  Just change it to something that you know.
>>
>> I don't know how you can prevent the user from changing their 
>> password, but that doesn't mean that there isn't one.  One solution is 
>> to write a script that calls /usr/sbin/chpasswd ; this needs an input 
>> file of :
>> username:password
>> You can call this from cron so that it will constantly change the 
>> users password back, or you could write a C wrapper to call it from 
>> .bash_logout for the user, or you could use sudo to achieve the same 
>> thing, making the permissions script that you call from .bash_logout 
>> 711 .  
> 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>