Unfortunately so, a good reason to make every reasonable attempt to stop the wrong people getting at the file in the first place........ Alan
---------- From: Carsten Schmitz[SMTP:c.schmitz@kps.de] Sent: 05 April 2000 12:47 To: suse-security@suse.com Subject: Re: [suse-security] Cracking passwd file on suse systems
Hello...
I want to check the passwd-file for insecure passwords. Is there a way to do this easily?
I think that SuSE carries in its distributions some tools for this, you can try "john the ripper" for example that i think comes directly with SuSE; You can search on www.linuxapps.com or another utility search engine anyway.
User just have pop-access to their accounts, no telnet, so forcing the user to change the password from time to time is not possible.
Thank you for your quick answer. Yes.. John the Ripper was the right tool... I was horrified how easily it finds out the passwords...
Greetings,
Carsten
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com