On Thu, Dec 9, 2010 at 14:55, Kinzel, David <[email protected]> wrote:
> What seems wrong is wanting the password hash to be given to regular
> users.
>
> Why?

For many environments this is considered a secure information
disclosure or security incident. I have been at several places where a
user decided that using a for loop to get everything out of getent and
then running crack/john was the best way to spend a weekend. While the
newer hashes provided by RHEL-5/RHEL-6 take longer to crack you can
still get a lot of easy fish over the weekend.

[And if your system must use some old tools/databases for legacy
applications.. you may be stuck with DES hashes for some or all
users.. those are really quick to get.]

--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
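
An added example, not part of the original post: a small audit that takes passwd-format lines, such as the output of getent passwd run from an unprivileged account, and reports which entries expose a hash and in which crypt(3) scheme. The sample lines and hash fillers are constructed, and the function names are this example's own.

```python
"""Flag password hashes visible in passwd-format output (e.g. `getent passwd`
run as a regular user). Reports the scheme only, never the hash."""
import re
import sys

# crypt(3) formats. "fast"/"slower" mirrors the post: DES is quick to crack,
# the newer salted, iterated schemes take longer but are still a disclosure.
SCHEMES = [
    (re.compile(r"^\$6\$"), "sha512crypt", "slower"),
    (re.compile(r"^\$5\$"), "sha256crypt", "slower"),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt", "slower"),
    (re.compile(r"^\$1\$"), "md5crypt", "slower"),
    (re.compile(r"^_[./0-9A-Za-z]{19}$"), "bsdi-des", "fast"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", "fast"),
]

def classify(field):
    """Return (scheme, cost) if the password field holds a hash, else None."""
    candidate = field.lstrip("!")  # '!' marks a locked account; a hash may follow
    if candidate in ("", "x") or candidate.startswith("*"):
        return None  # no hash in the field (shadowed, locked, or empty)
    for pattern, scheme, cost in SCHEMES:
        if pattern.match(candidate):
            return scheme, cost
    return "unknown", "review"  # e.g. a directory-specific format

def audit(lines):
    """Return [(user, scheme, cost)] for every entry exposing a hash."""
    findings = []
    for line in lines:
        parts = line.rstrip("\n").split(":")
        if len(parts) != 7:  # passwd(5) entries have exactly seven fields
            continue
        result = classify(parts[1])
        if result:
            findings.append((parts[0], *result))
    return findings

# Constructed sample input; the hash strings are fillers, not real hashes.
SAMPLE = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:$6$constructedsalt$" + "A" * 86 + ":1001:1001::/home/alice:/bin/bash",
    "legacy:abCONSTRUCTED:1002:1002::/home/legacy:/bin/sh",
    "bob:!!:1003:1003::/home/bob:/bin/bash",
    "carol:!$1$saltsalt$" + "B" * 22 + ":1004:1004::/home/carol:/bin/bash",
]

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for user, scheme, cost in audit(lines):
        print(f"{user}: {scheme} hash readable by this user ({cost} to crack)")
```

Any line of output when the input comes from a regular user's session means the name service is handing hashes to that user, whatever the scheme.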
