LinuxQuestions.org
Old 10-03-2004, 01:03 AM   #1
inetw
LQ Newbie
 
Registered: Oct 2004
Posts: 4

Rep: Reputation: 0
password encryption is changing


Hello,

I am using SuSE 9.1 on a public web-server. Every night the password encryption is changing; I see that because all passwords in /etc/shadow are new. The only password which is working is the root password, but it also changed in /etc/shadow.
I don't think that there is a strange root login who is changing all, because with last|less there is nothing except my logins.
I also installed Rootkit Hunter 1.1.1, and nothing to find...
Does anybody know where passwd saves the encryption routine? I think if I change it to chmod 444 it can't be changed anymore.
Or does anybody know another solution for this horrible problem?

The bad thing is that every morning I have to set all passwords again for all users on the system...

Alex

Last edited by inetw; 10-03-2004 at 01:05 AM.
 
Old 10-03-2004, 01:28 AM   #2
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 47
the /etc/shadow file should be ----640
users should NOT be able to read this file at all........

have you read the man shadow and man crypt pages??

http://man.linuxquestions.org/index....ction=0&type=2

http://man.linuxquestions.org/index....pe=2&section=5
 
Old 10-03-2004, 01:58 AM   #3
inetw
LQ Newbie
 
Registered: Oct 2004
Posts: 4

Original Poster
Rep: Reputation: 0
I mean encryption routine, NOT the password file!
Because the encryption changes every day. So the code of the same password looks new every day. I mean the entry in /etc/shadow is another one every day with the same password and the same username!
 
Old 10-03-2004, 12:44 PM   #4
randyding
Member
 
Registered: May 2004
Posts: 552

Rep: Reputation: 31
Hello, I'm not completely sure what's happening on your system, but here is what I know about password setting. When you set a password, there is a random salt. This makes the encrypted password different every time even if the password is exactly the same.
See man 3 crypt for more information.
From what you said so far, it doesn't seem like the routine is really changing. If something is changing your passwords every day then that is indeed very strange.

Are you saying the user passwords change every day and then those users can not log in unless you reset their password again from the root account?
 
Old 10-03-2004, 01:06 PM   #5
inetw
LQ Newbie
 
Registered: Oct 2004
Posts: 4

Original Poster
Rep: Reputation: 0
The /etc/shadow file does not change; it's the same content yesterday and today, but yesterday I could log in with that password and today it isn't working anymore. When I set the same password again for the same user, it's another encrypted password in /etc/shadow and then it's working again. But tomorrow I have to set the password again for those users.
Except the root account: this encrypted password also changes in /etc/shadow, but it works for login all the time...

Last edited by inetw; 10-03-2004 at 01:09 PM.
 
Old 10-03-2004, 03:15 PM   #6
randyding
Member
 
Registered: May 2004
Posts: 552

Rep: Reputation: 31
I'm sure it's just me as usual, still trying to understand what you are saying. I think you are saying the passwords are not changing, just login is failing and resetting the password makes it work again. The only account this does not happen to is root.

Ok, well then I don't know why, it's beyond my knowledge so far. Perhaps the password expiration is set very short, like to 1 day. I've never configured password expiration, probably look it up in SuSE docs.
 
Old 10-04-2004, 03:29 PM   #7
inetw
LQ Newbie
 
Registered: Oct 2004
Posts: 4

Original Poster
Rep: Reputation: 0
Well, password expiration is set to 99999 days.

I think the password doesn't expire; instead the password coding is changing.

For example:
Today the password for user "user" is xxx
it's in /etc/shadow:
user:$1$abjhfdjhfdrs

Tomorrow when I look in /etc/shadow it's still the same entry there but I can't log in with that password. When I type:
passwd user
and set the "user" password again to xxx
/etc/shadow contains:
user:$1$76gr34rh87dr

So it's the same password but in /etc/shadow it's another entry, that's why I think the coding algorithm is changing every day... But where and why is it?
 
Old 10-04-2004, 09:00 PM   #8
randyding
Member
 
Registered: May 2004
Posts: 552

Rep: Reputation: 31
Hello, as we said earlier, take a look at man 3 crypt, it explains why the encrypted password is different every time. Believe me this is normal. There is a 2 letter random salt that makes the encrypted (sorry, hashed) password different every time. It's actually the second argument to the crypt() function which is responsible for hashing your passwords.
The man page also says that if your salt is "$1$" then it will encrypt with the MD5 algorithm instead of DES. If you look at what you just posted, your hashed password starts with "$1$". I don't know what is going on but there is more information for you. Check out the crypt man page again.
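
The salt behaviour discussed in this thread, as an added example that is not part of any poster's message: a pure-Python version of the "$1$" (MD5) crypt scheme showing that setting the same password twice yields two different /etc/shadow strings, while a login check still succeeds because it re-hashes the attempt with the salt stored in the entry. The function names `set_password` and `check_login` are hypothetical, and the shadow lines (including the aging fields) are constructed sample data.

```python
import hashlib
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password, salt):
    """MD5-based crypt(3) scheme: returns '$1$<salt>$<22-char hash>'."""
    pw, sl = password.encode(), salt[:8].encode()   # salt is at most 8 chars
    ctx = hashlib.md5(pw + b"$1$" + sl)
    alt = hashlib.md5(pw + sl + pw).digest()
    for n in range(len(pw), 0, -16):                # mix in alt, password-length bytes
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:                                        # one byte per bit of the length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                           # fixed stretching rounds
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sl)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = ""
    groups = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5), (11,))
    for idx in groups:                              # crypt's own base64 byte order
        v = int.from_bytes(bytes(final[j] for j in idx), "big")
        for _ in range(2 if len(idx) == 1 else 4):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return f"$1${sl.decode()}${out}"

def set_password(user, password):
    """Like passwd: fresh random salt each time (aging fields are constructed)."""
    salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    return f"{user}:{md5_crypt(password, salt)}:12694:0:99999:7:::"

def check_login(shadow_line, attempt):
    """Like login: re-hash the attempt with the salt stored in the entry."""
    stored = shadow_line.split(":")[1]
    _, scheme, salt, _ = stored.split("$")
    if scheme != "1":
        raise ValueError("only the $1$ scheme is handled in this example")
    return secrets.compare_digest(md5_crypt(attempt, salt), stored)

if __name__ == "__main__":
    print(set_password("user", "xxx"), set_password("user", "xxx"), sep="\n")
```

A changed string after `passwd user` therefore says nothing about the algorithm changing; only the salt between the second and third `$` differs.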
 
  


All times are GMT -5. The time now is 10:43 PM.
