Hello Tim, On Wednesday 02 February 2005 18:32, Tim Alberts wrote: > I'm running apache on a FC3 linux box. I'm trying to make user password > control more available. I know the passwd command to change user > passwords. My question is, if a user enters a password and they forget > it, how can they get the password back out of the system without just > re-entering a new one? I don't think it is possible to do that. The Passwords are stored in an encrypted format in the file /etc/shadow. You need to brutforce or crack the file in some other way to read the user Paswords. I think this is part of the security concept in linux. If a user has lost his password noone could give him the old password back even not the user root. This is a good way to protect passwords i think. Example: When you're installing some webapplication like phpBB it's the same behaveior cause all passwords are stored as MD5. Most webapps are generating a new password when the user has lost it. If not they need to store passwords in plain text. That would be ugly!!! Regards Johannes
