Jump to content

passwd

From Wikipedia, the free encyclopedia
Not to be confused with the "passwd" key used in theName Service Switch,which can use/etc/passwdas a source.
passwd
Original author(s)AT&T Bell Laboratories
Developer(s)Variousopen-sourceandcommercialdevelopers
Operating systemUnix,Unix-like,Plan 9,Inferno
PlatformCross-platform
TypeCommand

passwdis acommandonUnix,Plan 9,Inferno,and mostUnix-likeoperating systemsused to change a user'spassword.The password entered by the user is run through akey derivation functionto create ahashed versionof the new password, which is saved. Only the hashed version is stored; the entered password is not saved for security reasons.

When the user logs on, the password entered by the user during the log on process is run through the same key derivation function and the resulting hashed version is compared with the saved version. If the hashes are identical, the entered password is considered to be correct, and the user is authenticated. In theory, it is possible for two different passwords toproduce the same hash.However,cryptographic hash functionsare designed in such a way that finding any password that produces the same hash is very difficult and practically infeasible, so if the produced hash matches the stored one, the user can be authenticated.

The passwd command may be used to change passwords for local accounts, and on most systems, can also be used to change passwords managed in a distributed authentication mechanism such asNIS,Kerberos,orLDAP.

Password file

[edit]

The/etc/passwdfile is a text-based database of information aboutusersthat maylog intothe system or other operating system user identities that own running processes.

In many operating systems, this file is just one of many possible back-ends for the more generalpasswd name service.

The file's name originates from one of its initial functions as it contained the data used to verifypasswordsof user accounts. However, on modernUnixsystems the security-sensitive password information is instead often stored in a different file using shadow passwords, or other database implementations.

The/etc/passwdfile typically hasfile system permissionsthat allow it to be readable by all users of the system (world-readable), although it may only be modified by thesuperuseror by using a few special purpose privileged commands.

The/etc/passwdfile is atext filewith one record perline,each describing auser account. Each record consists of seven fields separated bycolons.The ordering of the records within the file is generally unimportant.

An example record may be: 

jsmith:x:1001:1000:Joe Smith,Room 1007,(234)555-8910,(234)555-0044,email:/home/jsmith:/bin/sh

The fields, in order from left to right, are:[1]

  1. jsmith:User name: the string a user would type in when logging into the operating system: thelogname.Must be unique across users listed in the file.
  2. x:Information used to validate a user'spassword.The format is the same as that of the analogous field in theshadow passwordfile, with the additional convention that setting it to "x" means the actual password is found in the shadow file, a common occurrence on modern systems.[2]
  3. 1001:user identifiernumber, used by the operating system for internal purposes. It must be unique as it identifies users uniquely.
  4. 1000:group identifiernumber, which identifies the primary group of the user; all files that are created by this user may initially be accessible to this group.
  5. Joe Smith,Room 1007...:Gecos field,commentary that describes the person or account. Typically, this is a set of comma-separated values including the user's full name and contact details.[3]
  6. /home/jsmith:Path to the user'shome directory.
  7. /bin/sh:Program that is started every time the user logs into the system. For an interactive user, this is usually one of the system'scommand line interpreters(shells).

Shadow file

[edit]

/etc/shadowis used to increase the security level of passwords by restricting all but highly privileged users' access to hashed password data. Typically, that data is kept in files owned by and accessible only by thesuper user.

Systems administrators can reduce the likelihood of brute-force attacks by making the list of hashed passwords unreadable by unprivileged users. The obvious way to do this is to make thepasswddatabase itself readable only by the root user. However, this would restrict access to other data in the file such as username-to-userid mappings, which would break many existing utilities and provisions. One solution is a "shadow" password file to hold the password hashes separate from the other data in the world-readablepasswdfile. For local files, this is usually/etc/shadowonLinuxand Unix systems, or/etc/master.passwdonBSDsystems; each is readable only byroot.(Root access to the data is considered acceptable since on systems with the traditional "all-powerful root" security model, the root user would be able to obtain the information in other ways in any case). Virtually all recentUnix-likeoperating systems use shadowed passwords.

The shadow password file does not entirely solve the problem of attacker access to hashed passwords, as some network authentication schemes operate by transmitting the hashed password over the network (sometimes incleartext,e.g.,Telnet[4]), making it vulnerable to interception. Copies of system data, such as system backups written to tape or optical media, can also become a means for illicitly obtaining hashed passwords. In addition, the functions used by legitimate password-checking programs need to be written in such a way that malicious programs cannot make rapid authentication checks.

Regardless of whether password shadowing is in effect on a given system, the passwd file is readable by all users so that various system utilities (e.g.,grep) can work (e.g., to ensure that user names existing on the system can be found inside the file), while only the root user can write to it. Without password shadowing, this means that an attacker with unprivileged access to the system can obtain the hashed form of every user's password. Those values can be used to mount abrute force attackoffline, testing possible passwords against the hashed passwords relatively quickly without alerting system security arrangements designed to detect an abnormal number of failedloginattempts. Especially when the hash is not salted it is also possible to look up these hashed passwords inrainbow tables,databases specially made for giving back a password for a unique hash.

With a shadowed password scheme in use, the/etc/passwdfile typically shows a character such as '*', or 'x' in the password field for each user instead of the hashed password, and/etc/shadowusually contains the following user information:

  • User login name
  • saltand hashed password OR a status exception value e.g.:
    • $id$salt$hashed,the printable form of a password hash as produced bycrypt (C),where$idis the algorithm used. Other Unix-like systems may have different values, likeNetBSD.Key stretchingis used to increasepassword crackingdifficulty, using by default 1000 rounds of modified MD5,[5]64 rounds of Blowfish, 5000 rounds of SHA-256 or SHA-512.[6]The number of rounds may be varied forBlowfish,or for SHA-256 and SHA-512 by using$A$rounds=X$,where "A" and "X" are the algorithm IDs and the number of rounds. Common id values include:[7]
      • $1$– MD5
      • $2$,$2a$,$2b$bcrypt
      • $5$– SHA-256
      • $6$– SHA-512
      • $y$yescrypt
    • Empty string – No password, the account has no password (reported by passwd on Solaris with "NP" ).[8]
    • "!","*" – the account is password locked, user will be unable to log in via password authentication but other methods (e.g. ssh key, logging in as root) may be still allowed.
    • "*LK*" – the account itself is locked, user will be unable to log in.
    • "*NP*", "!!" – the password has never been set[9]
  • Days sinceepochof last password change
  • Days until change allowed
  • Days before change required
  • Days warning for expiration
  • Days after no logins before account is locked
  • Days since epoch when account expires
  • Reserved and unused

The format of the shadow file is simple, and basically identical to that of the password file, to wit, one line per user, ordered fields on each line, and fields separated by colons. Many[quantify]systems require the order of user lines in the shadow file be identical to the order of the corresponding users in the password file.

History

[edit]

Prior to password shadowing, a Unix user's hashed password was stored in the second field of their record in the/etc/passwdfile (within the seven-field format as outlined above).

Password shadowing first appeared in Unix systems with the development ofSunOSin the mid-1980s,[10]System VRelease 3.2 in 1988 andBSD4.3 Reno in 1990. But, vendors who had performed ports from earlier UNIX releases did not always include the new password shadowing features in their releases, leaving users of those systems exposed to password file attacks.

System administrators may also arrange for the storage of passwords in distributed databases such asNISandLDAP,rather than in files on each connected system. In the case of NIS, the shadow password mechanism is often still used on the NIS servers; in other distributed mechanisms the problem of access to the various user authentication components is handled by the security mechanisms of the underlying data repository.

In 1987, the author of the originalShadow Password Suite,Julie Haugh, experienced a computer break-in and wrote the initial release of the Shadow Suite containing thelogin,passwdandsucommands. The original release, written for the SCOXenixoperating system, quickly got ported to other platforms. The Shadow Suite was ported toLinuxin 1992 one year after the original announcement of the Linux project, and was included in many early distributions, and continues to be included in many currentLinuxdistributions.

In the past, it was necessary to have different commands to change passwords in different authentication schemes. For example, the command to change a NIS password wasyppasswd.This required users to be aware of the different methods to change passwords for different systems, and also resulted in wasteful duplication of code in the various programs that performed the same functions with differentback ends.In most implementations, there is now a single passwd command, and the control of where the password is actually changed is handled transparently to the user viapluggable authentication modules(PAMs). For example, the type of hash used is dictated by the configuration of thepam_unix.somodule. By default, theMD5hash has been used, while current modules are also capable of stronger hashes such asblowfish,SHA256andSHA512.

See also

[edit]

References

[edit]
  1. ^Understanding/etc/passwdFile Format
  2. ^"passwd(5) - Linux manual page".Man7.org.Retrieved2014-08-25.
  3. ^Adams, David."How to View and Understand the /etc/passwd file in Linux".
  4. ^RFC 2877:5250 Telnet Enhancements
  5. ^"Password hashing with MD5-crypt in relation to MD5 – Vidar's Blog".9 August 2011.
  6. ^"Implementation of SHA512-crypt vs MD5-crypt – Vidar's Blog".16 August 2011.
  7. ^"Modular Crypt Format".Archived fromthe originalon 2022-01-07.Retrieved2022-01-29.
  8. ^"solaris - passwd (1)".cs.bgu.ac.il.Archived fromthe originalon 2013-12-17.
  9. ^"6.3. Red Hat Enterprise Linux-Specific Information".Access.redhat.Retrieved2014-08-25.
  10. ^"passwd.adjunt(5) in SunOS-4.1.3".Modman.unixdev.net.Retrieved2016-01-03.
[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Passwd&oldid=1247421702"