Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'adding a * in front of the encrypted pw should be enough' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
adding a * in front of the encrypted pw should be enough
Authored by: babbage on Mar 11, '02 11:43:08AM
Ok, so just to clarify what you're saying here, if a user's hashed password is, say, Q2w3E4r5T6y, then you can disable that account by simply changing it to *Q2w3E4r5T6y, and it can be restored by changing it back to Q2w3E4r5T6y? I didn't realize that hashed passwords could be tampered with at all without damaging them, so I've always made a point of leaving /etc/passwd alone for the most part (read-only usage only, no editing except by shell tools like "passwd").

So would something like this be considered the canonical way to disable logins on OSX? I know that some things are different here than on other Unixes, and I'm trying to get in the habit of doing things the OSX way...

[ Reply to This | # ]

adding a * in front of the encrypted pw should be enough
Authored by: a1291762 on Mar 11, '02 04:41:42PM

If you modify the encrypted password, chances are it'll be very hard (if not impossible) to guess what the unencrypted version will be. So by adding a char to the beginning (especially a char that isn't valid in an encrypted password) you're changing the unencrypted password to something that the user won't be able to guess.

When you remove that character, the password will be the same as it originally was. There's no "timestamp" or other such information in the password, it's just an encrypted phrase.



[ Reply to This | # ]