
Given a linux username and a password how can I test if it is a valid account? [closed]

So my question is straightforward: given a Linux username and a password, how can I test if it is a valid account?

smit asked Aug 03 '13 16:08



2 Answers

You can validate that a given password is correct for a given username using the shadow file.

On most modern distributions, the hashed passwords are stored in the shadow file /etc/shadow (which is only readable by root). As root, pull the line from the shadow file for the given user like so:

grep '^username:' /etc/shadow

You will see something like this:

username:$1$TrOIigLp$PUHL00kS5UY3CMVaiC0/g0:15020:0:99999:7::: 

After the username there is $1. This indicates that it is an MD5 hash. After that there is another $, then (in this case) TrOIigLp followed by another $. TrOIigLp is the salt. After that is the hashed password, which was hashed using the salt - in this case PUHL00kS5UY3CMVaiC0/g0.

Now, you can use openssl to hash the given password using the same salt, like so:

openssl passwd -1 -salt TrOIigLp 

Enter the given password when prompted. The openssl command should compute the MD5 hash using the salt provided, and it should be exactly the same as the one above from the shadow file. The -1 in the above command is for MD5 hashing.

mti2935 answered Sep 26 '22 15:09


If you are concerned about security (which you should be), the accepted answer represents a security risk by leaving the plaintext password in the ~/.bash_history file. With this in mind, it would be better to try logging in, or perhaps removing this entry from the ~/.bash_history.

Stringers answered Sep 24 '22 15:09
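
The shadow-file check from the first answer, written as an added example (not code from either answer) that reads the candidate password from stdin so it never reaches argv or ~/.bash_history. The function name verify_shadow_line and the sample entry are constructed here; it assumes OpenSSL 1.1.1 or later for the -5 and -6 options, and reports schemes that openssl passwd cannot compute (such as yescrypt) instead of guessing.

```shell
#!/bin/sh
# Added example: check a password against one /etc/shadow-format line.
# The candidate password is read from stdin, never from argv or history.
# Exit status: 0 match, 1 mismatch, 2 locked/no hash, 3 scheme not handled.
verify_shadow_line() (   # subshell body: variables stay local, exit leaves only the function
    field=$(printf '%s\n' "$1" | cut -d: -f2)   # 2nd field = password hash
    case $field in
        ''|'!'*|'*'*) exit 2 ;;                  # locked account or no password set
        '$'*) ;;                                 # modular crypt: $id$salt$hash
        *) exit 3 ;;                             # legacy DES crypt, not handled here
    esac
    rest=${field#?}                              # drop the leading "$"
    id=${rest%%\$*}
    rest=${rest#*\$}
    salt=${rest%%\$*}
    case $id in
        1) flag=-1 ;;                            # MD5-crypt
        5) flag=-5 ;;                            # SHA-256-crypt (OpenSSL 1.1.1+)
        6) flag=-6 ;;                            # SHA-512-crypt (OpenSSL 1.1.1+)
        *) exit 3 ;;                             # e.g. $y$ yescrypt, $2b$ bcrypt
    esac
    case $salt in rounds=*) exit 3 ;; esac       # custom round counts not handled
    IFS= read -r password || [ -n "$password" ] || exit 1
    computed=$(printf '%s\n' "$password" |
               openssl passwd "$flag" -salt "$salt" -stdin) || exit 3
    [ "$computed" = "$field" ]                   # full-field comparison sets the status
)

# Constructed entry: user "alice" is made up; the hash is the MD5-crypt sample
# from the openssl-passwd man page (salt "xxxxxxxx", password "password").
SAMPLE='alice:$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.:15020:0:99999:7:::'
printf 'password\n' | verify_shadow_line "$SAMPLE" && echo "alice: match"
printf 'guess\n' | verify_shadow_line "$SAMPLE" || echo "alice: no match ($?)"
```

On a real system the line would come from /etc/shadow as root, and the password from a prompt with echo disabled (for example `stty -echo` before `read`), piped into the function.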