[ Team LiB ] Previous Section Next Section

Recipe 9.3 Finding Accounts with No Password

9.3.1 Problem

You want to detect local login accounts that can be accessed without a password.

9.3.2 Solution

# awk -F: '$2 == "" { print $1, "has no password!" }' /etc/shadow

9.3.3 Discussion

The worst kind of password is no password at all, so you want to make sure every account has one. Any good password-cracking program can be employed here—they often try to find completely unprotected accounts first—but you can also look for missing passwords directly.

Encrypted passwords are stored in the second field of each entry in the shadow password database, just after the username. Fields are separated by colons.

Note that the shadow password file is readable only by superusers.

9.3.4 See Also

shadow(5).
    [ Team LiB ] Previous Section Next Section