Lost User Account Passwords
Johannes Findeisen
mailman at hanez.org
Wed Feb 2 18:00:29 UTC 2005
Hello Tim,
On Wednesday 02 February 2005 18:32, Tim Alberts wrote:
> I'm running apache on a FC3 linux box. I'm trying to make user password
> control more available. I know the passwd command to change user
> passwords. My question is, if a user enters a password and they forget
> it, how can they get the password back out of the system without just
> re-entering a new one?
I don't think it is possible to do that. The Passwords are stored in an
encrypted format in the file /etc/shadow. You need to brutforce or crack the
file in some other way to read the user Paswords. I think this is part of the
security concept in linux. If a user has lost his password noone could give
him the old password back even not the user root. This is a good way to
protect passwords i think.
Example: When you're installing some webapplication like phpBB it's the same
behaveior cause all passwords are stored as MD5. Most webapps are generating
a new password when the user has lost it. If not they need to store passwords
in plain text. That would be ugly!!!
Regards
Johannes
More information about the users
mailing list