[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Shadow Passwords

Subject: Re: [cobalt-security] Shadow Passwords
From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
Date: Wed, 1 Aug 2001 09:35:16 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

From: <cobalt@xxxxxxxxxxxxx>

> Our problem is that the Cobalt OS seems to encrypt passwords differently
> than on the RedHat 6.0 system.  For example when moving accounts from
> Redhat6.0 to FreeBSD servers we could simply cut and paste the shadow line
> and it would work.  Does anyone have a suggestion on what we can do to
solve
> this issue, or am I up the creek without a decrypted paddle.

Cobalt's original OS was based on RH6.2, I'm not sure if this has changed
for the raq4.

In any event, you could use the crypt function in perl to check your
passwords on file and see which ones you do know. You can migrate the ones
that you do know and contact the customers of the ones that you don't,
letting them know that their password has been changed back to the original
that they gave you.

Alternatively, you could try some brute-force cracking using the crypt
function, but I suspect that would take a long time.

Kevin

References:
- [cobalt-security] Shadow Passwords
  - From: cobalt

Prev by Date: Re: [cobalt-security] Mail to root ???
Next by Date: Re: [cobalt-security] Mail to root ???
Previous by thread: Re: [cobalt-security] Shadow Passwords
Next by thread: Re: [cobalt-security] Shadow Passwords

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index