From owner-freebsd-questions@FreeBSD.ORG Thu Dec 18 07:15:20 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 947CE16A4CE for ; Thu, 18 Dec 2003 07:15:20 -0800 (PST) Received: from mail.tsgincorporated.com (mail.tsgincorporated.com [67.66.242.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4233243D1D for ; Thu, 18 Dec 2003 07:15:19 -0800 (PST) (envelope-from micheal@tsgincorporated.com) Received: (from root@localhost) by mail.tsgincorporated.com (8.12.10/8.12.8) id hBIFFIHS094965; Thu, 18 Dec 2003 09:15:18 -0600 (CST) (envelope-from micheal@tsgincorporated.com) Received: from micheal (micheal.tsgincorporated.com [67.66.242.77]) hBIFFFAg094954; Thu, 18 Dec 2003 09:15:15 -0600 (CST) (envelope-from micheal@tsgincorporated.com) Message-ID: <5c8e01c3c579$bd737140$4df24243@tsgincorporated.com> From: "Micheal Patterson" To: "Rhys John" , References: Date: Thu, 18 Dec 2003 09:15:12 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Virus-Scanned: by AMaViS 0.3.12 Subject: Re: master.passwd -- securing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2003 15:15:20 -0000 ----- Original Message ----- From: "Rhys John" To: Sent: Thursday, December 18, 2003 5:44 AM Subject: Re: master.passwd -- securing > Both accounts are now active but i would like to remove the encrypted > password from master.passwd and replace it with a *. Is this possible with > "vipw"? > > Thanks for your reply hugle In normal stand alone operation, no. It's not possible at all. There has to be a password hash local to the machine. Now, if you're configured to use another method of password storage as has been previously mentioned, that's a different story. Although, best practice would be to have at least one user account in wheel, and the root user with a valid login password. If you're worried about someone viewing the master.passwd file and obtaining the hash, don't. Only root, by default, can touch that file. If you have someone that has breeched the system to the point they're able to open that file, then the problem of them viewing the password hash is quite moot. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.