Lost User Account Passwords
mailman at hanez.org
Wed Feb 2 18:00:29 UTC 2005
On Wednesday 02 February 2005 18:32, Tim Alberts wrote:
> I'm running apache on a FC3 linux box. I'm trying to make user password
> control more available. I know the passwd command to change user
> passwords. My question is, if a user enters a password and they forget
> it, how can they get the password back out of the system without just
> re-entering a new one?
I don't think it is possible to do that. The Passwords are stored in an
encrypted format in the file /etc/shadow. You need to brutforce or crack the
file in some other way to read the user Paswords. I think this is part of the
security concept in linux. If a user has lost his password noone could give
him the old password back even not the user root. This is a good way to
protect passwords i think.
Example: When you're installing some webapplication like phpBB it's the same
behaveior cause all passwords are stored as MD5. Most webapps are generating
a new password when the user has lost it. If not they need to store passwords
in plain text. That would be ugly!!!
More information about the users