From owner-freebsd-questions Mon Jan 10 5:51: 7 2000 Delivered-To: freebsd-questions@freebsd.org Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175]) by hub.freebsd.org (Postfix) with ESMTP id D097614D2F for ; Mon, 10 Jan 2000 05:50:58 -0800 (PST) (envelope-from sheldonh@axl.noc.iafrica.com) Received: from sheldonh (helo=axl.noc.iafrica.com) by axl.noc.iafrica.com with local-esmtp (Exim 3.11 #1) id 127fDV-000EZO-00; Mon, 10 Jan 2000 15:50:41 +0200 From: Sheldon Hearn To: "Irnest Schultz" Cc: questions@FreeBSD.ORG Subject: Re: User Passwords? In-reply-to: Your message of "Mon, 10 Jan 2000 14:47:43 +0200." <00fd01bf5b68$e2e5ca60$853a4092@mikros.co.za> Date: Mon, 10 Jan 2000 15:50:40 +0200 Message-ID: <56009.947512240@axl.noc.iafrica.com> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG First of all, you're asking very suspect questions. I hope you're aware that being the administrator of a machine does not automatically implyy rights to invade the privacy of your users. On Mon, 10 Jan 2000 14:47:43 +0200, "Irnest Schultz" wrote: > Is there a way in which I, as a System Administrator, can read the > passwords of the system users? Not without installing hacked versions of the software which prompts for passwords, no. > What is backdoor login and how does one do it? A backdoor login can be either of: 1) A well-known username and password combination that is active by default in a new installation. 2) A hacked up version of some program which provides shell login for a particular username or usernames, usually unknown to the administrator. Neither of these two exists in FreeBSD in a new installation. > How do one crack this passwords? You can use a brute-force dictionary attack. See the security category of the ports tree at: http://www.freebsd.org/ports/security.html Keep in mind that the only legitimate use of such programs is for identifying lame passwords and reporting to the users who have chosen them. Ciao, Sheldon. UUNET SA (South Africa) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message