nerdexam
CompTIA

XK0-004 · Question #318

A server administrator is given the hash of an account password that needs to be synchronized across all servers. Which of the following will allow the server administrator to configure the account pa

The correct answer is C. Edit the shadow file.. The /etc/shadow file stores Linux password hashes directly, making it the only way to synchronize a pre-existing hash verbatim without re-hashing a plaintext password.

Security

Question

A server administrator is given the hash of an account password that needs to be synchronized across all servers. Which of the following will allow the server administrator to configure the account password?

Options

  • AEdit the password file.
  • BUse the usermod command.
  • CEdit the shadow file.
  • DUse the passwd command.

How the community answered

(52 responses)
  • A
    12% (6)
  • B
    2% (1)
  • C
    81% (42)
  • D
    6% (3)

Why each option

The /etc/shadow file stores Linux password hashes directly, making it the only way to synchronize a pre-existing hash verbatim without re-hashing a plaintext password.

AEdit the password file.

The /etc/passwd file stores general account information such as username, UID, and home directory, but on modern Linux systems it no longer stores password hashes - those are stored in /etc/shadow.

BUse the usermod command.

The usermod command with the -p flag can accept a hashed password string, but it is less reliable for exact hash synchronization and is not the direct method for inserting a known hash.

CEdit the shadow file.Correct

The /etc/shadow file stores hashed user passwords in a colon-delimited format where the second field is the password hash itself. Editing this file directly allows an administrator to paste a pre-computed hash exactly as-is, which is required when synchronizing an identical hash across multiple servers. Commands like passwd and usermod accept plaintext passwords and always generate a new hash, so they cannot replicate an existing hash value.

DUse the passwd command.

The passwd command prompts for or accepts a plaintext password and then generates a new hash internally, so it cannot be used to set a specific pre-existing hash across servers.

Concept tested: Linux /etc/shadow direct password hash synchronization

Source: https://man7.org/linux/man-pages/man5/shadow.5.html

Topics

#shadow file#password hash#account synchronization#user authentication

Community Discussion

No community discussion yet for this question.

Full XK0-004 Practice