Once you've entered your username, UNIX typically prompts you to enter your password. This section describes how UNIX stores and handles passwords on most systems and how you can select a good password.
UNIX uses the /etc/passwd file to keep track of every user on the system. The /etc/passwd file contains the username, real name, identification information, and basic account information for each user. Each line in the file contains a database record; the record fields are separated by a colon (:).
root:fi3sED95ibqR6:0:1:System Operator:/:/bin/ksh daemon:*:1:1::/tmp: uucp:OORoMN9FyZfNE:4:4::/var/spool/uucppublic:/usr/lib/uucp/uucico rachel:eH5/.mj7NB3dx:181:100:Rachel Cohen:/u/rachel:/bin/ksh arlin:f8fk3j1OIf34.:182:100:Arlin Steinberg:/u/arlin:/bin/csh
The first three accounts, root , daemon , and uucp , are system accounts, while rachel and arlin are accounts for individual users.
The individual fields of the /etc/passwd file have fairly straightforward meanings. Table 3-1 explains a sample line from the file shown above
Passwords are normally represented by a special encrypted format that is described in "The UNIX Encrypted Password System" in Chapter 8, Defending Your Accounts ; the password itself is not really stored in the file. Encrypted passwords may also be stored in separate shadow password file s, which are also described in Chapter 8 . The meanings of the UID and GID fields are described in Chapter 4, Users, Groups, and the Superuser .
These days, many organizations have moved away from large time-sharing computers and invested in large client/server networks containing many servers and dozens or hundreds of workstations. These systems are usually set up so that any user can make use of any workstation in a group or in the entire organization. When these systems are in use, every user effectively has an account on every workstation.
Unfortunately, on these large, distributed systems, you cannot ensure that every computer has the same /etc/passwd file. For this reason, there are now several different commercial systems available that make the information stored in the /etc/passwd file available over a network.
Four such systems are:
All of these systems take the information that is usually stored in each workstation's /etc/passwd file and store it in one or more network server computers. If you are using one of these systems and wish to view the contents of the password database, you cannot simply cat the /etc/passwd file. Instead, you must use a command that is specific to your system.
Sun's NIS service supplements the information stored in workstations' own files. If you are using NIS and you wish to get a list of every user account, you would use the following command:
Sun's NIS + service can be configured to supplement or substitute its user account entries for those entries in the /etc/passwd file, depending on the contents of the /etc/nsswitch.conf file. If you are using a system that runs NIS +, you will want to use the niscat command and specify your NIS + domain. For example:
% niscat -o passwd.bigco
On machines running NetInfo, the local /etc/passwd file is ignored and the network version is used instead. Therefore, if you are using NetInfo and wish to see the user accounts, you only need to type:
% nidump passwd /
Computers that are using DCE use an encrypted network database system as an alternative to encrypted passwords and /etc/passwd files. However, in order to maintain compatibility, some of them have programs which run on a regular basis that create a local /etc/passwd file. You should check your manuals for information about your specific system.
These network database systems are described in greater detail in Chapter 19, RPC, NIS, NIS+, and Kerberos .
At many sites, the administrators prefer not to use network database management systems for fear that the system itself may somehow become compromised. This fear may result from the fact that configurations are often complex, and sometimes the protocols are not particularly resistant to attack. In these environments, the administrator simply keeps one central file of user information and then copies it to remote machines on a periodic basis (for example, using rdist ). The drawback to this approach is that it often requires the administrator to intervene to change a user password or shell entry. In general, you should learn to master the configuration of the system supplied by your vendor and use it. You can then put other safeguards in place, such as those mentioned in Chapter 21, Firewalls , and in Chapter 22, Wrappers and Proxies .
After you tell UNIX who you are, you must prove your identity. This process is called authentication . Classically, there are three different ways that you can authenticate yourself to a computer system, and you use one or more of them each time:
None of these systems is foolproof. For example, by eavesdropping on your terminal line, somebody can learn your password. By attacking you at gunpoint, somebody can steal your card key. And if your attacker has a knife, you might even lose your finger! In general, the more trustworthy the form of identification, the more troublesome the method is to use, and the more aggressive an attacker must be to compromise it.
Passwords are the simplest form of authentication: they are a secret that you share with the computer. When you log in, you type your password to prove to the computer that you are who you claim to be. The computer ensures that the password you type matches the account that you have specified. If they match, you are allowed to proceed.
UNIX doesn't display your password as you type it. This gives you extra protection if you're using a printing terminal or if somebody is watching over your shoulder as you type.
Passwords are normally UNIX 's first line of defense against outsiders who want to break into your system. Although you could break into a system or steal information through the network without first logging in, many break-ins result because of poorly chosen or poorly protected passwords.
Most desktop personal computers do not use passwords (although there are several third-party programs that do provide varying degrees of protection, and passwords are used by both the Windows and Macintosh network filesystems). The fact that the PC has no passwords makes the computer easier to use, both by the machine's primary user and by anybody else who happens to be in the area. People with PCs rely on physical security - doors, walls, and locks - to protect the information stored on their disks from vandals and computer criminals.
Likewise, many of the research groups that originally developed the UNIX operating system did not have passwords for individual users - often for the same reason that they shied away from locks on desks and office doors. In these environments, trust, respect, and social convention were very powerful deterrents to information theft and destruction.
But when a computer is connected to a modem that can be accessed from almost any place in the world that has a telephone, or when it is connected to a network that is used by people outside the immediate group, passwords on computer accounts become just as necessary as locks on the doors of a townhouse: without them, an intruder can come right in, unhindered, and wreak havoc. And indeed, in today's electronic world, there are numerous people who try the "front door" of every computer they can find. If the door is unlocked, sometimes the vandals will enter and do damage.
Passwords are especially important on computers that are shared by several people, or on computers that are connected to networks where various computers have trust relationships with each other (we'll explain what this means in a later chapter). In such circumstances, a single easily compromised account can endanger the security of the entire installation or network.
Conventional passwords have been part of UNIX since its early years. The advantage of this system is that it runs without any special equipment (such as card readers or fingerprint scanners).
The disadvantage of conventional passwords is that they are easily foiled - especially if you log into your computer over a network. In recent years, conventional passwords have not provided dependable security in a networked environment: there are simply too many opportunities for a sophisticated attacker to capture a password and then use it at a later time. Today, even unsophisticated attackers can launch these attacks, thanks to a variety of sophisticated tools available on the net. The only way to safely use a UNIX computer remotely over a network such as the Internet is to use either (or both) one-time passwords or data encryption (see Section 3.7, "One-Time Passwords later in this chapter and in Chapter 8 , and Chapter 6, Cryptography ).
Unfortunately, we live in an imperfect world, and most UNIX systems continue to depend on reusable passwords for user authentication. As such, passwords continue to be one of the most widely exploited methods of compromising UNIX systems on networks.