The format of password files is the same for almost all Unix-like operating systems, and Linux is no exception. Password security is one of the traditional security issues of the Linux operating system.

Traditional passwords and shadow passwords

/etc/passwd is the password file that stores basic information about users. Each line of the password file contains 7 fields separated by 6 colons:

username:passwd:uid:gid:comments:directory:shell

The 7 fields, from left to right, are described as follows:

username: the user's login name.
passwd: the password ciphertext field. The ciphertext is the encrypted password. If the password is shadowed, this field only displays an x. Passwords should normally be shadowed to ensure security. If the field is displayed as *, the username is valid but cannot log in. If the field is empty, the user does not need a password to log in.
uid: the number used by the system to uniquely identify the user. UIDs are assigned as follows:
    0       superuser
    1~10    daemons and pseudo-users
    11~99   system reserved users
    100~    normal users
gid: the user's default group number, as determined by the /etc/group file.
comments: the user's personal information.
directory: the user's initial working directory.
shell: the shell started for the user after logging in to the system.

Table 1 lists the standard users created by the system during the installation process. The contents of the table are consistent with the description of the /etc/passwd file. Table 2 lists the standard user groups created during system installation, consistent with the /etc/group file.

Linux uses an irreversible encryption algorithm such as DES to encrypt passwords. Since the encryption algorithm is irreversible, the plaintext cannot be derived from the ciphertext.

But the problem is that the /etc/passwd file is globally readable, and the encryption algorithm is public. If a malicious user gets the /etc/passwd file, he can enumerate all possible plaintexts, compute the ciphertext of each with the same algorithm, and compare until one matches, at which point the password is cracked. To address this, Linux/Unix widely adopts the "shadow" mechanism: the encrypted password is moved to the /etc/shadow file, which is readable only by the root superuser, while the ciphertext field of the /etc/passwd file is displayed as an x, minimizing the chance of ciphertext leaks.

Each line of the /etc/shadow file contains 9 fields separated by 8 colons, in the following format:

username:passwd:lastchg:min:max:warn:inactive:expire:flag

where:

lastchg: the number of days from January 1, 1970 to the day the password was last modified.
min: the minimum number of days that must elapse between password changes.
max: the maximum number of days the password remains valid. If it is 99999, the password never expires.
warn: how many days before the password expires the system warns the user.
inactive: the number of days after password expiry before the username becomes invalid for login.
expire: when the user is forbidden to log in.
flag: meaningless, not used.

Enabling Shadow Password

RedHat Linux installs shadow by default. If your system's /etc/passwd file still contains ciphertext, shadow has not been enabled. You can execute pwconv to enable it.

In RedHat Linux 7.1, the shadow utilities (shadow utils) contain several tools that support the following functions:

Conversion between traditional passwords and shadow passwords: pwconv, pwunconv.
Verification of passwords, groups, and the corresponding shadow files: pwck, grpck.
Adding, deleting, and modifying user accounts in an industry-standard way: useradd, usermod, userdel.
Adding, deleting, and modifying user groups in an industry-standard way: groupadd, groupmod, groupdel.
Managing the /etc/group file in an industry-standard way.

The above tools can be used normally regardless of whether the system has the shadow mechanism enabled.

Change the minimum length of the Linux password

The default minimum password length on a Linux system is 5 characters. This length is not enough to ensure the robustness of the password. It should be changed to a minimum of 8 characters. Edit the /etc/login.defs file and change

PASS_MIN_LEN 5

to:

PASS_MIN_LEN 8
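The /etc/passwd and /etc/shadow record formats described above can be checked mechanically. The following is an added example, not part of the original article: it flags /etc/passwd entries with an empty or unshadowed password field or a second uid 0 account, and turns the lastchg, max and warn fields of a shadow line into calendar dates. The function names audit_passwd and password_expiry and all sample lines are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # lastchg counts days from this date

def audit_passwd(text):
    """Return (username, finding) pairs for risky /etc/passwd lines."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:  # username:passwd:uid:gid:comments:directory:shell
            findings.append((fields[0], "malformed entry"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((name, "empty password field"))
        elif pw not in ("x", "*"):  # x = shadowed, * = cannot log in
            findings.append((name, "ciphertext not shadowed"))
        if uid == "0" and name != "root":
            findings.append((name, "uid 0 but not root"))
    return findings

def password_expiry(shadow_line):
    """Return (changed, expires, warn_from) dates for one /etc/shadow line.
    expires and warn_from are None when max is empty or 99999 (never expires)."""
    fields = shadow_line.strip().split(":")
    if len(fields) != 9:  # username:passwd:lastchg:min:max:warn:inactive:expire:flag
        raise ValueError("expected 9 colon-separated fields")
    lastchg, max_days, warn = fields[2], fields[4], fields[5]
    changed = EPOCH + timedelta(days=int(lastchg))
    if max_days in ("", "99999"):
        return changed, None, None
    expires = changed + timedelta(days=int(max_days))
    return changed, expires, expires - timedelta(days=int(warn or 0))

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
guest::500:500:Guest:/home/guest:/bin/bash
legacy:AbCdEfGhIjKlM:501:501:Old account:/home/legacy:/bin/sh
toor:x:0:0:Second admin:/root:/bin/bash
"""
SAMPLE_SHADOW = "alice:$1$constructed$notarealhash:19000:0:90:7:::"

if __name__ == "__main__":
    for user, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {finding}")
    print(password_expiry(SAMPLE_SHADOW))
```

On a real system the same functions can be fed the contents of /etc/passwd and, as root, individual lines of /etc/shadow.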