Re: HP Unix Root Password
From: Colin McKinnon (colin.thisisnotmysurname_at_ntlworld.deletemeunlessURaBot.com)
Date: 06/25/04
- Previous message: Bob Ceculski: "OpenVMS Certs since 2000 - 2, AIX 29, how about your OS?"
- In reply to: Russ: "HP Unix Root Password"
- Next in thread: Chris Calabrese: "Re: HP Unix Root Password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Jun 2004 18:49:15 +0100
Russ spilled the following:
> I have a HP-UX box running in trusted mode, therefore all passwords in
> /etc/passwd are represented by * and are stored in an encrypted db....
> all of the entries are stored like this except for ROOT which is the
> only entry which has an encrypted string representing the password...
> which I think is really BAD, but was wondering if there were
> legitiamate reasons for doing this
Seems weird - sure it's not just a hangover from before it went trusted?
Does it change when you change the root password? The whole point of shadow
passwords is that you can do forward (brute-force) searching on the
/etc/passwd value because /etc/passwd has to be world-readable.
I don't remember all that much about trusted on HP (except that the cons
outweighed the pros massively n the context I was working in) but I can't
beleive that it still keeps the root pass in /etc/passwd.
Its easy enough to test tho - so give it a go.
C.
- Previous message: Bob Ceculski: "OpenVMS Certs since 2000 - 2, AIX 29, how about your OS?"
- In reply to: Russ: "HP Unix Root Password"
- Next in thread: Chris Calabrese: "Re: HP Unix Root Password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
