Comments in /etc/passwd
Gordon Burditt
gordon at sneaky.TANDY.COM
Mon Jan 9 10:27:17 AEST 1989
> The only safe way I have found to do this is by creating dummy accounts:
>_:- :6:6::: ***************************
>_:- :6:6: * Remote System Logins:: *
>_:- :6:6::: ***************************
> Every comment line contains a filled in passwd field, prehaps someone
> very familiar with DES (I'm not at all) could figure out the "unencrypted"
> form.
The alphabet for encrypted passwords consists of A-Z, a-z, 0-9, period, and
slash. Anything in the password field that contains a character other
than these, or which isn't 13 characters long, doesn't have a
corresponding "unencrypted" form. DES produces a 64-bit binary value
which crypt(3) then turns into printable form. There is also the 12-bit
salt. You don't have to know anything more about DES. The turn-to-printable
routine divides the salt into 2 6-bit hunks and the DES value into 11
6-bit hunks (using 2 extra dummy bits), and each hunk is represented by
1 character, taken from the set listed above. Crypt(3) is never going to
produce encrypted passwords containing '*', blanks, or 1-character long
encrypted passwords, so no password can ever match.
As far as login, su, etc. are concerned, this method of inserting comments
is safe.
> Some utilities don't like seeing more than one account with the same
> uid and gid combination. This has not been a problem at this site.
The only standard (Sys V) utilities I am familiar with that complain
about multiple accounts with the same uid/gid combination are those
specifically designed to do so (and their entire function is to check the
sanity of the password and group files: "pwcheck" and "grpcheck".
You can ignore the messages related to the comment entries unless you
have a boss that takes the messages as gospel and insists you fix
the problem. Some systems have distributed password files with the same
uid/gid combinations in the password file.
Gordon L. Burditt
...!texbell!sneaky!gordon
More information about the Comp.unix.questions
mailing list