On Wed, 17 Dec 2003 10:30:48 +1000, Ian Mortimer wrote > > Is there a way to confirm a users password without actually logging in as > > the user? So that if I think that the password is 'pass-wd-x' for user > > 'xyz' I can confirm it from the command line. > > The perl script below will do this if you have access to the shadow > password file. Run the script, enter the salt (from /etc/shadow) > and the suspected password. If the encrypted password returns the > same string as in /etc/shadow the passwords are the same. > > For crypt encrypted passwords the salt is the first two characters. > For md5 encrypted passwords the salt is the first 11 characters (up > to and including the 3rd $). Very nice script, thank you for sharing it. Given MD 5: auser:$1$2k2tsW3e$58OdZHqZ1p1VkU7pEeu9U1: salt is $1$2k2tsW3e$ and the encrypted PW is 58OdZHqZ1p1VkU7pEeu9U1 Correct? -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
