In this lesson, we will delve into managing passwords on a Linux/Unix system. This includes changing passwords, enforcing password policies, and understanding the formatting of the /etc/shadow file.

Changing Passwords

passwd (Change User Password) To change the password for a user, use the passwd command followed by the username. If you're the root user, you can change the password for any user. Otherwise, you can only change your own password.

Understanding the /etc/shadow File

The /etc/shadow file stores encrypted passwords along with password aging information. Each line in the file corresponds to a user account and is formatted as follows:

Here is a description of each field shown above:

__

Note that if some fields are empty, no data will be present. This is why you can see two colons next to each other.

• username: The name of the user.

• password: The encrypted password of the user.

• lastchg: The number of days since Jan 1, 1970, that the password was last changed.

• min: The minimum number of days required between password changes.

• max: The maximum number of days the password is valid.

• warn: The number of days before password expiration that the user is warned.

• inactive: The number of days after password expiration that the account is disabled.

• expire: The number of days since Jan 1, 1970, that the account is disabled.

• flag: A reserved field for future use.

  Sample entry in /etc/shadow

  john_doe:$6$TrnJ1O9s:18724:0:99999:7:::

Enforcing Password Policies

Managing Password Requirements through PAM Pluggable Authentication Modules (PAM) provides a flexible mechanism for authenticating users. Through PAM, you can enforce password policies such as password length, complexity, and…