Creating User Passwords
The “-p” useradd option allows you to create a password at the same time that you create a user account. However, for two reasons, it’s an option that you really don’t want to use. First, it doesn’t hash the password. So, when you look in the “/etc/shadow” file, you’ll see the password there in plain text. Second, by entering the password as part of a “useradd” command, it’ll show up in your shell history, also in plain text. Your best bet is to ignore the “-p” option, and use two separate steps to create the user account and the password.
The passwd command is used to create the password for each user. Users forget their passwords. Often the administrator will be expected to reset those passwords. Looking up passwords is not a possibility because they are encrypted in storage. A new password must be created with the passwd command.
To reset the password for user john:
Then you will be prompted to enter a password twice.
The command usermod can be used to create several password aging attributes. Here are several options:
-c comment       description of the user
-d home_dir      change the home directory
-e expire_date   assign an expiration date in the MM/DD/YYYY format
-f inactivity    number of days before account disabled
-g group         change primary group
-G grouplist     set the list of groups that the user is in
-l login_name    change login name for user
-m               used only with -d option, home contents copied to new home directory
-s shell         indicate a new shell
-u user_id       change user ID
Modify an account.
sudo usermod -e 05/01/2011 jane
The modified /etc/shadow shows the change to jane’s account.
The command chage -l can be used to show the status of a user’s password protection. Let’s say you wanted to check the status of jane’s password.
chage -l jane
Last password change : Jun 09, 2010
Password expires : never
Password inactive : never
Account expires : May 01, 2011
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
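The two points above (a password written verbatim into /etc/shadow by "useradd -p", and the aging values that chage -l reports) can be checked across all accounts at once. The script below is an added example, not part of the original article; the function name audit_shadow and the sample lines are constructed for illustration, and the sample contains no real accounts or hashes.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format (no real accounts or hashes).
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# Date fields are counted in days since 1970-01-01.
SAMPLE_SHADOW='jane:$6$constructedsalt$constructedhash:14769:0:99999:7::15095:
john:Summer2010:14769:0:90:7:::
svc:!:14769:0:99999:7:::
amy:$6$constructedsalt$constructedhash:14769:0:90:7:14::'

# audit_shadow: reads shadow-format lines on stdin, prints one line per finding.
# Hypothetical helper written for this example.
audit_shadow() {
    awk -F: '
    {
        pw = $2
        # Empty, "!" or "*" means no usable password is stored (locked/none).
        locked = (pw == "" || pw ~ /^[!*]/)
        # Modern crypt(3) hashes start with "$id$". Any other value was stored
        # verbatim, which is what "useradd -p" does with a typed password.
        # Caveat: legacy 13-character DES hashes are flagged here as well.
        if (!locked && substr(pw, 1, 1) != "$")
            print $1 ": password field is not a crypt hash (possible useradd -p plaintext)"
        # A maximum age of 99999 (or empty) is shown by chage -l as
        # "Password expires : never".
        if (!locked && ($5 == "" || $5 >= 99999))
            print $1 ": password never expires"
        # Field 8 is the account expiration date set with usermod -e.
        if ($8 != "")
            print $1 ": account expires on day " $8 " since epoch"
    }'
}

# Run against the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live system the real file is readable only by root, so the input would come from "sudo cat /etc/shadow | audit_shadow".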
Choosing the correct password, as well as informing users about password security and enforcing it, is an important task for the administrator. Security is built upon passwords, so close attention should be paid to making passwords an effective security tool.
Aspects of a Good Password
1. 8 characters or more
2. use numbers in the password
3. use letters in the password
4. use case in the password
5. avoid dictionary words
These five aspects are critical because software programs can employ “brute force” tactics to try to guess passwords on your network. Using the five aspects above will make it more difficult to crack your passwords. On most systems, security begins at the user level. One of the most important aspects of user security is the user password. A lot of security can go down the drain with poor passwords that can be easily cracked. Several important elements of a user password are the length of the password, its randomness and the forced creation of new passwords at regular intervals. Most users resist all of these elements.
The length of a password directly affects how easily it can be cracked: the longer the password, the harder it is to crack. As a result, all passwords should be at least 8 characters long. In addition, passwords should not be based on dictionary words; they should be random. It is easier to crack passwords based on dictionary words, as cracking programs typically start with dictionary strings. One way to make secure passwords is to create passwords from phrases that are familiar to you. For example, the phrase “I live at 101 Maple Street in Phoenix Arizona” could be turned into the password
This is a password built on the first letter of each word to create a secure password. Remember Linux is case sensitive.
Password Management allows you to force changes in the password or have the account be automatically disabled after a period of time. It is a good idea to force users to change their passwords at regular intervals. Of course, this is even more important for administrators to do as well. The downside is that users who are forced to change their passwords often tend to forget them, which can make the situation worse.