This page was generated from passwords.mth.

This page is part of the course work for CS360: Systems Tools course offered by the Computer Science Department at CalState, San Bernardino, California, USA. It was generated by Dr. Dick Botting.

Contents


    Making yourself at home: Passwords

    lock that door!

    Why

    If you don't understand passwords you are likely to find your data destroyed, your name mud, your money disappearing, and even your accounts closed down.

    Facts

    When you log in, the login program asks you for a password and encrypts it in a complicated way. The resulting string is then compared with the encrypted password on file in the system for your account.

    UNIX does not store passwords in a readable form - that would be a dumb idea.

    Bad passwords cause more trouble to systems administrators and users than any other trivial thing. You need to choose something memorable, typable, and unguessable. And you have to change it regularly... Here are some classic bad passwords - can you see why?

     		abc
     		password
     		computer
     		ajshdgetdfsgwtdfsgdycgxf
     		mary
     		fido
    plus: your user name, anything on file in the computer about you, any single word in English, any number - especially an SSN, anything to do with Star Trek.

    Here is a simple way to create a good password.... take two random words and put a random digit or symbol between them. Here is another technique: Invent a memorable sentence or phrase. The password is made up of the initial letters of the phrase.

    Any example of a good password in a book or these notes.... is automatically bad.

    Avoid these characters: # and @. They were once used as erase characters.

    On an isolated machine the passwords would be in

     		/etc/passwd
    on a network there is a master password file, and login (and some other programs) use this instead of /etc/passwd. The system used to share this file is called the Network Information System or NIS. It is also called the YP system after a well known phone directory. Use yppasswd on CSci systems. The password is shared across all our lab machines and dialup systems. It can take a few minutes for the change to get to all the machines.

    The 'passwd' file is a series of lines: one for each user. See line_in_passwd_file below.

    Every now and then we do a quick check to see if we can crack any passwords on our system. We use an evil program called satan. We restrict accounts so that they can not be used by anyone if we can crack them.

    Any non-administrator found trying to crack a password will lose their account rather quickly.

    Forgetting your password gives systems administrators a private source of amusement.

    We never give out passwords over the phone (guess why!).

    Never send passwords by EMail, in writing, or in conversation. Or over the phone.... Never write down passwords (but if you do: disguise it...).

    Here is a classic technique: a cracker searches every item of mail on a system for the letters "password" and ....

    I or Paul can fix a forgotten or restricted password only if you come and see us. Not over the phone or by EMail!

    Sharing a password is evidence of a low intelligence. One account ended up being used by 30 people from all over the USA ("He was my best friend"). Another led to complaints of computer abuse from another CSU campus ("My kid sister!?!"), ....

    Syntax

  1. change_password::="yppasswd".
  2. NIS::=Network Information System
  3. line_in_passwd_file::= login_id : encrypted_password : user_number : group_number : user_information : home_directory : shell.

    Definitions

  4. login_id::=a short and unique identifier given to each user that they use to identify themselves when they log in.

  5. encrypted_password::= the actual password is encoded in a hard-to-crack way in this field.

  6. user_number::= each user is given a unique number from 1 upwards.

  7. group_number::= each user is assigned to a group of similar users and these are encoded as numbers in the /etc/group file.
  8. user_information::= usually the name of the user, sometimes also the location and phone number.

  9. home_directory::=where the user is working when they first log in.

  10. shell::= the program that is given to the user when they log in that interprets their commands.
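
    The line_in_passwd_file syntax above can be checked mechanically. The following is an added example, not part of the original course notes: a shell function that audits passwd-format lines for entries that break the definitions (wrong field count, repeated login_id, shared user_number) and for an empty encrypted_password field, which traditionally means the account needs no password. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Audit passwd-format lines (from files or stdin) against the page's syntax:
# login_id:encrypted_password:user_number:group_number:user_information:home_directory:shell
audit_passwd() {
    awk -F: '
    /^[ \t]*$/ { next }                       # ignore blank lines
    NF != 7 {                                 # malformed entry: report and skip
        printf "line %d: expected 7 fields, found %d\n", NR, NF
        next
    }
    $1 == "" { printf "line %d: empty login_id\n", NR }
    # Assumption: an empty second field means no password is required.
    $2 == "" { printf "line %d: %s has an empty encrypted_password field\n", NR, $1 }
    $3 !~ /^[0-9]+$/ { printf "line %d: %s has a non-numeric user_number\n", NR, $1 }
    $4 !~ /^[0-9]+$/ { printf "line %d: %s has a non-numeric group_number\n", NR, $1 }
    # login_id and user_number are both defined as unique.
    ($1 in seen_id) { printf "line %d: login_id %s is repeated\n", NR, $1 }
    ($3 in owner) && owner[$3] != $1 {
        printf "line %d: user_number %s is shared by %s and %s\n", NR, $3, owner[$3], $1
    }
    { seen_id[$1] = 1; if (!($3 in owner)) owner[$3] = $1 }
    ' "$@"
}

# Constructed sample entries (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
alice:Xq3kPz9LmT0aB:101:20:Alice Example:/home/alice:/bin/sh
bob::102:20:Bob Example:/home/bob:/bin/sh
carol:Zt8wQn2RvY5cD:101:20:Carol Example:/home/carol:/bin/sh
dave:Lm4sHj7KpU1eF:104:20:/home/dave:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

    On a NIS system an administrator could feed the function the shared map instead of the sample, for example with ypcat passwd | audit_passwd.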

    Exercises

  11. Change your password!

  12. What does your entry look like in the passwd user data base? Try this:
    		ypmatch -k $USER passwd

  13. What happens if you input this command:
     		finger $USER
    Which information comes from your passwd entry?

    Submit Your Notes Here

    To earn credit for completing this part of the course you need to send me a short list of things you have learned. A simple way to do this is to follow this link and fill in the form using copy and paste.

End