Can I manually replace password hashes in the AIX /etc/security/passwd file?

by IAmJeff   Last Updated July 12, 2019 04:01 AM

Can I safely replace the password hash in the AIX /etc/security/passwd file? Are there any AIX quirks that would stand in the way of me just using vi to replace the hash?

I want to consolidate the root passwords on my AIX servers. On Solaris, IRIX, and Linux I would compare the password hash in /etc/shadow. If it wasn't the same, I could replace it with the desired hash. AIX uses /etc/security/passwd, which has a different format. Examples of the password field:

password = 2bOR!2Bp8jest
password = {ssha512}06$2bOR!2Bp8jestHAH$hamlet[...]

I assume the answer is, "Yes, they can be compared. They can be replaced, but be very careful."

Bonus points (if I have enough rep to award) if someone describes how older AIX versions fail if a newer crypto algorithms, such as {ssha512} isn't available.

Tags : passwords aix


Answers 2


I found an IBM answer at [Copying AIX password hashes between servers].1 You an use an editor to manually change the password, but there is a command to do that for you.

Quoting:

get the users password hash out of /etc/security/passwd and then use the "chpasswd" command to change the password on the other server.

The command is:

echo 'root:2bOR!2Bp8jest' | chpasswd -ec
IAmJeff
IAmJeff
May 04, 2015 16:12 PM

This issue is that if any user modification to the security file, such as a PAM based password change, at the same time as you write to the security file using vi or any non PAM based commands then two programs are writing to the file at the same time and structure can't be maintained. corruption is guaranteed to occur. This becomes more apparent on systems where the password file is modified frequently and in this way. Definitely do use a PAM authorized method to write to your passwd/security files.

Gary Bowdridge
Gary Bowdridge
July 12, 2019 03:55 AM

Related Questions


Updated May 13, 2015 14:00 PM

Updated May 16, 2015 01:47 AM

Updated August 16, 2015 19:00 PM

Updated August 19, 2015 20:00 PM

Updated April 03, 2017 09:01 AM