Documents for passwd

Code [pass001w]

The listed username occurs more than once in the same file. This indicates a configuration problem and should be corrected.












Code [pass002w]

The listed userid (uid) occurs more than once in the same file. This usually indicates a configuration problem and should be corrected. On many systems, uid 0 (zero) and uid 1 (one) are often used for multiple usernames. It is usually to completely disable all of the usernames except for `root' for uid zero and all of the usernames for uid one.












Code [pass003w]

The listed entry does not have the correct number of fields. This indicates a configuration problem that should be corrected.












Code [pass004w]

The listed username occurs in separate password sources, but the userid (uid) is different in them. This can lead to unexpected access to resources if not corrected.












Code [pass005w]

The listed userid (uid) occurs in separate password sources, but the usernames are different. This can lead to unexpected access to resources if not corrected.












Code [pass006w]

The password files have integrity issues as found by 'pwck -r'. This can lead to looping of password manipulation programs and to authentication or login issues if not corrected.












Code [pass007w]

Some password controls or constraints are missing. These should be be applied to all users via their /etc/login.defs configuration values.












Code [pass008e]

The password file was not generated and cannot be analysed. This might probably happen due to Tiger not running with full administrative access.












Code [pass009f]

The format of a given configuration file used for user (or group) authentication has some inconsistency that might be a security vulnerability.












Code [pass010w]

The listed groupname occurs more than once in the same file. This indicates a configuration problem and should be corrected.












Code [pass011f]

The listed username has an empty password string. This will allow any user to gain access to the account without being prompted for a password.












Code [pass012w]

The listed home directory is specified for multiple users. This can lead to denial-of-service and unexpected resource usage (i.e. shell initialization files, etc) if not corrected.












Code [pass013w]

The listed username is not using an acceptable, cryptographic method for the password hash.












Code [pass014w]

The listed login ID is disabled in some manner ('*' in passwd field, etc), but the login shell for the login ID is a valid shell (from /etc/shells or the system equivalent). A valid shell can potentially enable the login ID to continue to be used. The login shell should be changed to something that doesn't exist, or to something like /bin/false.












Code [pass015w]

The listed login ID does not have a valid login program or shell. Usually these are defined in /etc/shells.












Code [pass016w]

The listed login ID should not have "/" (system root directory) as its home drive. This is a possible security hole.












Code [pass017w]

The listed login ID has a user ID of zero (0) and is not the 'root' account. This should be checked to see if it is legitimate. In any case, having login ID's with a user ID of zero tends to lead to security problems, and should be avoided (except for 'root')












Code [pass018f]

The listed administrative login should have an impossible password. Files owned by this login ID may reside in critical system directories and compromise of this account could lead to trojan executables in typical search paths.












Code [pass19w]

The listed login ID does not have password aging enabled. Good password management practices indicate that passwords should not be static, but rather should be changed on a regular basis.












Code [pass20w]

The listed login ID is not configured to use shadow passwords. This indicates the specified login ID has its cypher text publicly available and is subject to brute force password cracking, even though shadow passwords are implimented on the system.












Code [pass021f]

The sudoers files (/etc/sudoers and/or the contents of the /etc/sudoers.d/ directory) have syntax issues as found by 'visudo -c'. This can lead to the sudo program not working properly and scripts or users not able to use it to elevate privileges if not correct.