Password Management (Discussion and Demo)
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Hey there Cybrarians and welcome back to
00:00
the Linux Plus course here at Cybrary.
00:00
I'm your instructor Rob Gills,
00:00
and in today's lesson,
00:00
we're going to be discussing password management.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to understand
00:00
how password management is handled in
00:00
Linux by using the password and change commands.
00:00
First off, the password command can be used
00:00
by any user to change their own password,
00:00
but the root user is the only one that can
00:00
change at different user's password.
00:00
Now, some common password options
00:00
include lowercase l to lock the account,
00:00
which is the same as the user MOD capital L option.
00:00
We can use lowercase u to unlock the account,
00:00
the same as user MOD uppercase U option.
00:00
Finally we can use dash e to expire an account,
00:00
and we'll see a couple of more options
00:00
with this during the demo.
00:00
Now, the change command is used to
00:00
modify password aging settings.
00:00
Remember we were looking
00:00
in AC shadow in the previous lesson,
00:00
we saw a couple of empty fields there.
00:00
Well, we can modify or
00:00
add settings to those fields using the change command.
00:00
Some common change options include
00:00
uppercase W to change
00:00
the warning days before password expires,
00:00
or the uppercase E,
00:00
which sets the expiration date for an account.
00:00
We're going to play with both of
00:00
these commands with some demo time.
00:00
Here we are over in our CentOS environment.
00:00
First off, let's just
00:00
go ahead and recreate the user that we
00:00
deleted during the user dell and group dell lesson.
00:00
Let's go ahead and do a user add test.
00:00
I've just made myself pseudo
00:00
here to make this a little bit quicker.
00:00
We've recreated the user so we can do a grep for
00:00
test on /etc/passwd,
00:00
and we see that the user is there.
00:00
Now let's do a grep for test on /etc/shadow.
00:00
We can see that that user is there,
00:00
but there's these two exclamation points
00:00
where the password should be,
00:00
so there's no actual password set for
00:00
this user because we see
00:00
>> those exclamation points there.
00:00
>> Let's add a user password.
00:00
We'll just do password test
00:00
>> and we'll give it a password.
00:00
>> There we go,
00:00
All authentication tokens updated successfully,
00:00
so if we do another grep, and it's a shadow,
00:00
we actually see this long hash value
00:00
that indicates the password has been set.
00:00
Now we can actually lock the account by doing PASSWD,
00:00
lowercase l for test.
00:00
If we do a grep for tests and /etc/shadow,
00:00
we see these double exclamation points.
00:00
Notice here in CentOS
00:00
we have double exclamation points in the front,
00:00
whereas it the bunt we just had one exclamation point.
00:00
That's another little tiny wrinkle between
00:00
the two different distributions, but in general,
00:00
the system is going to look for
00:00
one or more exclamation points in
00:00
this password field to determine
00:00
whether or not the user account is locked.
00:00
Let's take a look at trying to
00:00
>> delete user password here,
00:00
>> let's just do password dashed d for test,
00:00
and we remove the password
00:00
and it's also unlocked accounts,
00:00
so now let's do a grep for tests and /etc/shadow.
00:00
We see that that file has no password at all,
00:00
so test can just login without
00:00
>> a password at this point.
00:00
>> Not real good, but this is something that you can do to
00:00
clear and then set a new password for a user.
00:00
Now, Let's re-add the password for test,
00:00
let's do password test,
00:00
and we'll give it a new password.
00:00
[NOISE] Let's try that one more time.
00:00
Let me try and type a little bit more accurately.
00:00
[NOISE] Then we're good to go there.
00:00
If we do another grep for test and /etc/shadow,
00:00
we see that it now has this hash value again.
00:00
Let's clear the screen so you have
00:00
a little bit more real thing to work with.
00:00
Now let's change the warn field to 14 days so
00:00
we can see down here at the end we
00:00
don't have anything set in that field.
00:00
Let's go ahead and do change dash
00:00
capital W to 14 days for the user test.
00:00
We can run another grep in /etc/shadow,
00:00
and now we see that there's a 14 days
00:00
in the warning field here.
00:00
Now, let's change the minimum fields
00:00
so we can't change the password immediately,
00:00
in other words, it'll change this
00:00
from a zero to something else.
00:00
We're going to change dash to three for test.
00:00
If we run other grep test on /etc/shadow,
00:00
we see that this field has been changed to three,
00:00
so you'll have to wait three days before
00:00
you can change the password in this case.
00:00
Now, let's change the maximum field,
00:00
so the password must be changed after 90 days
00:00
instead of this 100,000 days.
00:00
We can do that with change capital
00:00
M. We'll set that to 90 days for test.
00:00
I apologize, I got a snuck in there.
00:00
It's changed, not change.
00:00
Let's try this one more time. There we go.
00:00
Let's do another pseudo grep test in /etc/shadow.
00:00
Now we can see that that has changed
00:00
from 99,999 days to just 90 days.
00:00
Now we have a much more reasonable
00:00
setting for the password aging for the test user.
00:00
[NOISE] But with that, in this lesson,
00:00
we covered performing password management in
00:00
Linux with the commands password and change.
00:00
Thank you so much for being here and I look
00:00
forward to seeing you in our next lesson.
Up Next
Instructed By
Similar Content
