in linux centos 7
linux using telnet server
What is the name of the file responsible for checking the password, whether it is valid or not?
-
No-one should be offering a telnet service in this day and ageChris Davies– Chris Davies2021-08-26 21:05:48 +00:00Commented Aug 26, 2021 at 21:05
Add a comment
|
2 Answers
Any privileged (UID=0) program can read /etc/shadow, retrieving both the encrypted password and the encryption algorithm for a given user.
The program uses the encryption algorithm to encrypt the password-to-be-tested. If the two encrypted passwords match, so do the two passwords, if they don't match, the passwords don't either, and no information about the actual password is leaked.
answered Aug 26, 2021 at 3:43
-
I am asking about the name of the file in which the password check code is contained.mohammed moha– mohammed moha2021-08-26 04:04:44 +00:00Commented Aug 26, 2021 at 4:04
-
What I want to do is modify this codemohammed moha– mohammed moha2021-08-26 04:08:47 +00:00Commented Aug 26, 2021 at 4:08
-
@mohammedmoha if that's for an exploit, fair enough. If it's for a production system then it's almost certainly the wrong approachChris Davies– Chris Davies2021-08-26 21:04:55 +00:00Commented Aug 26, 2021 at 21:04
-
@mohammed-moha I explained in my answer. There is not ONE place passwords are checked.waltinator– waltinator2021-08-26 21:56:31 +00:00Commented Aug 26, 2021 at 21:56
-
Passwords are checked, as I explained above, in several programs. Offhand, there's
login, thePAMinfrastructure,sudoandsudo-like, and any other program that wants to. Why do you want to change the password authentication for the whole system? What change to you want to make?waltinator– waltinator2021-08-27 01:13:10 +00:00Commented Aug 27, 2021 at 1:13
It all goes through the pam infrastructure.
answered Aug 26, 2021 at 19:44
-
give me file pathmohammed moha– mohammed moha2021-08-26 21:52:04 +00:00Commented Aug 26, 2021 at 21:52
-
'man pam' will give you a start. It's not one file, it's a series of them. Both config & shared libs.Bob Goddard– Bob Goddard2021-08-26 21:53:24 +00:00Commented Aug 26, 2021 at 21:53
-
Please note that brevity is acceptable, but fuller explanations are better ;)AdminBee– AdminBee2021-08-27 07:14:53 +00:00Commented Aug 27, 2021 at 7:14