Date: Sun, 24 Mar 1996 01:34:32 -0700 From: wes@intele.net To: sysop@gaianet.net (Chad Shackley) Cc: questions@freebsd.org Subject: Passwords Message-ID: <199603240834.BAA02753@obie.softweyr.com> In-Reply-To: <85523811@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Chad Shackley writes:
> Well, I guess I needed to explain it a little more, but the
> question *WAS* very simple, how I find out what a user's password
> is.
>
> The main reason was, people do forget their passwords, and then
> they ask me what it is. Rather than telling them to give me
> another password and changing it for them, I was curious if there
> was a way to tell what their current password was. It just makes
> things a lot speedier if they tell me they forgot it, I email them
> with that it is; rather than them telling me they forgot it, me
> asking them what they want me to change it to, them telling me, me
> changing it, emailing them the new one, and then they finally can
> get into their accounts.
>
> Not that I feel sorry for them, I mean you deserve a little
> punishment if you forget your password.
Archie around for crack. It'll tell you what a users password is,
if you've got 5 or 6 days on a Pentium. ;^)
The UNIX password encryption algorithm is a one-way street. When you
set your password with passwd(1), the password you typed is used as
the key to encrypt some known text; the result is stored in the passwd
file. When you login, your password is read from the terminal,
encrypted in the same manner, and the result checked against the
string in the passwd database. There is no known decryption for
passwd entriess, unless the NSA knows something they're not telling
us.
If your user forgets his or her password, set the password to a
foolish value and "expire" the password. The user will have to choose
a new password upon logging into the system. Unfortunately, I cannot
seem to find a way to set the password expiration (or change time) on
FreeBSD.
If your user has already forgotten the previous value, obviously he or
she needs an opportunity to choose a new password. ;^)
--
Wes Peters | Yes I am a pirate, two hundred years too late
Softweyr | The cannons don't thunder, there's nothing to plunder
Consulting | I'm an over forty victim of fate...
wes@intele.net | Jimmy Buffett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603240834.BAA02753>