From owner-freebsd-questions  Fri Mar 15 11:44:19 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id LAA25459
          for questions-outgoing; Fri, 15 Mar 1996 11:44:19 -0800 (PST)
Received: from soda.CSUA.Berkeley.EDU (soda.CSUA.Berkeley.EDU [128.32.43.52])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id LAA25450
          for <questions@FreeBSD.ORG>; Fri, 15 Mar 1996 11:44:17 -0800 (PST)
Received: (from richardc@localhost) by soda.CSUA.Berkeley.EDU (8.6.12/8.6.12) id LAA09515; Fri, 15 Mar 1996 11:44:01 -0800
Date: Fri, 15 Mar 1996 11:43:59 -0800 (PST)
From: Richard Chang <richardc@CSUA.Berkeley.EDU>
To: questions@FreeBSD.ORG
Subject: Passwords
Message-ID: <Pine.PTX.3.91.960315114335.3376n-100000@soda.CSUA.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hi there,

	We are running a site that had security breakins and the hacker 
managed to changed the root password and the edited both the /etc/passwd 
and /etc/master.passwd file and deleted pretty much everything in it.  It 
seems the pwd.db and spwd.db are the original ones since apparently the 
person didn't use vipw on the DES encrypted system.  I was wondering if 
there was a way to use the pwd.sb and spwd.db even if the encrypted passwd's
in master.passwd don't match.... Thanks.

Richard