At 11:11 -0700 on 11/02/2005, Paul Gilmartin wrote about Re: Module
description:
> IIRC on a traditional *NIX system, /etc/passwd contains the
password in clear text.
The act of giving the auditor a copy (hardcopy or other) would be
an audit violation.
No. Encrypted. Otherwise everyone would know everyone's password.
Yes it is stored in an encrypted form in the passwd file (when you
are not using shadow tables). Unfortunately there is CRACK and other
programs that will parse the password field in these records and
report out the corresponding clear text password so gaining access to
the file contents CAN expose the password even though it is not
stored in clear.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
