BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Shadow file entry question

Subject: Shadow file entry question
From: nmeyers-BigylZdZcsdmcu3hnIyYJQ at public.gmane.org (Nathan Meyers)
Date: Fri, 19 Nov 2010 11:31:43 -0500
In-reply-to: <A4C1B006DAFFA847951A7642E3E6979B0864BD6E22-ECgVUCs3bJE/Q/Mj1aAjxjvvJXYVMs1G@public.gmane.org>
References: <A4C1B006DAFFA847951A7642E3E6979B0864BD6E20@prdmail02.postscript.int> <20101119161227.GA21980@javalinux.net> <A4C1B006DAFFA847951A7642E3E6979B0864BD6E22@prdmail02.postscript.int>

On Fri, Nov 19, 2010 at 11:18:42AM -0500, Chandler, Scott wrote:
> The "x" is a standin for an encrypted password in the *passwd* file, not the shadow file.
> 
> If I had to guess, I'd say that someone manually edited the shadow file to prevent logons but I can't confirm that.
> 
> Any other thoughts?

There was nothing wrong with this thought :-). Agreed that it's an odd
value, but the shadow(5) manpage indicates it will have the same effect
as the more typical "*" used for that purpose:

	   If the password field contains some string that is not a valid
	   result of crypt(3), for instance ! or *, the user will not be able
	   to use a unix password to log in (but the user may log in the
	   system by other means).

Nathan


> 
> 
> -----Original Message-----
> From: Nathan Meyers [mailto:nmeyers-BigylZdZcsdmcu3hnIyYJQ at public.gmane.org] 
> Sent: Friday, November 19, 2010 11:12 AM
> To: Chandler, Scott
> Cc: discuss-mNDKBlG2WHs at public.gmane.org
> Subject: Re: Shadow file entry question
> 
> On Fri, Nov 19, 2010 at 10:50:32AM -0500, Chandler, Scott wrote:
> > We've got a system which is being audited for SOX compliance. The auditors are asking about entries in the shadow file. For the users haldaemon and messagebus, the password section contains a single x. Note, this is the shadow file, not the passwd file. Any idea what that x denotes?
> > 
> > haldaemon:x:14517:0:99999:7:::0
> > messagebus:x:14517:0:99999:7:::0
> 
> The shadow file holds the actual (encrypted) passwords if you're using shadow passwords. That "x" is a standin for the encrypted password; because it's there, there is no valid password for those accounts and they cannot do password-based login.
> 
> Nathan
> 
> 
> > > Thanks, > Scott > > _______________________________________________
> > Discuss mailing list > Discuss-mNDKBlG2WHs at public.gmane.org >
> http://lists.blu.org/mailman/listinfo/discuss >
> 
> 
> _______________________________________________
> Discuss mailing list
> Discuss-mNDKBlG2WHs at public.gmane.org
> http://lists.blu.org/mailman/listinfo/discuss
>

References:
- Shadow file entry question
  - From: Scott.Chandler-VQAUrahS1b5BDgjK7y7TUQ at public.gmane.org (Chandler, Scott)
- Shadow file entry question
  - From: nmeyers-BigylZdZcsdmcu3hnIyYJQ at public.gmane.org (Nathan Meyers)
- Shadow file entry question
  - From: Scott.Chandler-VQAUrahS1b5BDgjK7y7TUQ at public.gmane.org (Chandler, Scott)

Prev by Date: Shadow file entry question
Next by Date: Shadow file entry question
Previous by thread: Shadow file entry question
Next by thread: Shadow file entry question
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org