This allows root to reset a user's password when that
user has forgotten it (an event that happens all too often).
Using a Shadow Password File
In early versions of UNIX, all user account and password information was stored in a file that all
users could read (although only root could write to it). This was generally not a problem because
the password information was encrypted. The password was encrypted using a trapdoor algorithm,
meaning the unencoded password could be encoded into a scrambled string of characters, but the
string could not be translated back to the non-encoded password. In other words, the trapdoor
implies that encryption only goes in one direction, so the encrypted password can't be used to go
back to the unencoded password.
How does the system check your password in this case? When you log in, the system encodes the
password you entered, compares the resulting scrambled string with the scrambled string that is
stored in the password file, and grants you access only if the two match. Have you ever asked a
system administrator what the password on your account is only to hear, "I don't know" in response?
If so, this is why: The administrator really doesn't have the password, only the encrypted version.
The unencoded password exists only at the moment you type it.
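
The login check described above, as an added example that is not code from the book. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in one-way function, not the historical UNIX algorithm, and the `user:scheme$iterations$salt$hash` field layout, the function names, and the sample account are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def encode_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """One-way step: password + salt -> scrambled string (PBKDF2-HMAC-SHA256)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return base64.b64encode(digest).decode("ascii")


def make_entry(user: str, password: str) -> str:
    """Build a 'user:field' line; the field holds salt and hash, never the password."""
    salt = os.urandom(16)
    field = "$".join(["pbkdf2-sha256", str(ITERATIONS),
                      base64.b64encode(salt).decode("ascii"),
                      encode_password(password, salt)])
    return f"{user}:{field}"


def check_login(entry: str, typed_password: str) -> bool:
    """Re-encode what was typed with the stored salt and compare the two strings."""
    try:
        _user, field = entry.split(":", 1)
        scheme, iterations, salt_b64, stored = field.split("$")
        if scheme != "pbkdf2-sha256":
            return False  # unknown scheme: deny
        salt = base64.b64decode(salt_b64, validate=True)
        candidate = encode_password(typed_password, salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed or placeholder field such as "*": deny rather than guess
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


if __name__ == "__main__":
    line = make_entry("alice", "correct horse")  # constructed sample account
    print(line)                                  # no plaintext password in the entry
    print(check_login(line, "correct horse"))
    print(check_login(line, "wrong guess"))
```

Because `make_entry` only needs the new password, an administrator can overwrite a forgotten one without ever learning the old one.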