Linux - Password

Commands

Display the password policy for a user:

chage -l {user}
# Ex: chage -l lkone

/etc/shadow

How it works

The /etc/shadow file stores the password hash and password-aging information for each user account. All fields are separated by a colon (:). It contains one entry per line for each user listed in the /etc/passwd file.

lkone:$1$fnnfcFgTiHGOfff#5:13064:0:99999:7:::
#---- -------------------- ----- - ----- -
# 1             2            3   4   5   6
  1. Username
  2. Encrypted Password (${id}${salt}${hashed}). With id:
     • $1$: md5
     • $2a$: Blowfish
     • $2y$: Blowfish
     • $5$: sha-256
     • $6$: sha-512
  3. Last password change
  4. Minimum: The minimum number of days required between password changes.
  5. Maximum: The maximum number of days the password is valid.
  6. Warn: The number of days before the password expires that the user is warned.
  7. Inactive: The number of days after the password expires that the account is disabled.
  8. Expire: The date, in days since Jan 1, 1970, on which the account is disabled.
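
Added example (not from the original page): a shell/awk audit of shadow-format entries that maps the id prefix to the schemes listed above and flags MD5 hashes, empty password fields and passwords that never expire. The function names, finding labels and every sample entry except the lkone line are constructed; it assumes the standard nine-field shadow(5) layout, whose last field is reserved.

```shell
#!/bin/sh
# Added example: audit shadow-format entries read from stdin.
# Output per entry: user|scheme|max_days|findings

audit_shadow() {
  awk -F: '
    function scheme(h,   p) {
      if (h == "")      return "empty"     # no password set
      if (h ~ /^[!*]/)  return "locked"    # password login disabled
      if (h !~ /^[$]/)  return "other"     # no $id$ prefix
      split(h, p, "[$]")                   # "$6$salt$hash" -> p[2] = "6"
      if (p[2] == "1")  return "md5"
      if (p[2] == "2a" || p[2] == "2y") return "blowfish"
      if (p[2] == "5")  return "sha-256"
      if (p[2] == "6")  return "sha-512"
      return "unknown"
    }
    /^#/ || NF == 0 { next }
    # Assumption: standard shadow(5) layout, 8 fields listed above + 1 reserved.
    NF != 9 { printf "%s|malformed|-|expected 9 fields, got %d\n", $1, NF; next }
    {
      s = scheme($2); f = ""
      if (s == "empty") f = f "no-password "
      if (s == "md5")   f = f "weak-hash "
      if (s != "locked" && ($5 == "" || $5 >= 99999)) f = f "never-expires "
      sub(/ $/, "", f)
      printf "%s|%s|%s|%s\n", $1, s, ($5 == "" ? "-" : $5), (f == "" ? "ok" : f)
    }'
}

# Constructed sample entries (the first is the sample line from this page).
sample_shadow() {
  cat <<'EOF'
lkone:$1$fnnfcFgTiHGOfff#5:13064:0:99999:7:::
alice:$6$CONSTRUCTEDsalt$CONSTRUCTEDhash:19800:1:90:7:14::
svc:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
broken:$6$x$y:19000
EOF
}

sample_shadow | audit_shadow
```

On a real system, run it as root with `audit_shadow < /etc/shadow`; the script only reads the file.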

Verify Integrity

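The pwck command verifies the integrity of the user and authentication information:

# pwck takes the passwd file as its first argument and the shadow file as its second.
# -r runs the check in read-only mode.

# Passwd file:
pwck -r /etc/passwd

# Passwd and shadow files:
pwck -r /etc/passwd /etc/shadow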

Generate Password

With openssl command:

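openssl passwd -6 -salt xyz {password}
# With:
#  -1: MD5
#  -5: SHA256
#  -6: SHA512 (Recommended)
# Omit {password} to be prompted for it, which keeps it out of the shell history and the process list.
# Omit -salt to let openssl generate a random salt.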

With mkpasswd command:

mkpasswd --method={method} --stdin
# With method:
#  md5
#  sha-256
#  sha-512

With chpasswd command (Update existing password):

echo "{user}:{password}" | chpasswd

Random Password

With dd command:

length=32
# iflag=fullblock makes dd keep reading from the pipe until it has $length bytes.
base64 /dev/urandom | tr -d "/+" | dd bs=$length count=1 iflag=fullblock status=none | xargs echo

With openssl command:

length=32
# $length is the number of random bytes; the base64 output is longer (44 characters for 32 bytes).
openssl rand -base64 $length
  • https://www.cyberciti.biz/faq/understanding-etcshadow-file/