XK0-004 · Question #318
A server administrator is given the hash of an account password that needs to be synchronized across all servers. Which of the following will allow the server administrator to configure the account pa
The correct answer is C. Edit the shadow file.. The /etc/shadow file stores Linux password hashes directly, making it the only way to synchronize a pre-existing hash verbatim without re-hashing a plaintext password.
Question
A server administrator is given the hash of an account password that needs to be synchronized across all servers. Which of the following will allow the server administrator to configure the account password?
Options
- AEdit the password file.
- BUse the usermod command.
- CEdit the shadow file.
- DUse the passwd command.
How the community answered
(52 responses)- A12% (6)
- B2% (1)
- C81% (42)
- D6% (3)
Why each option
The /etc/shadow file stores Linux password hashes directly, making it the only way to synchronize a pre-existing hash verbatim without re-hashing a plaintext password.
The /etc/passwd file stores general account information such as username, UID, and home directory, but on modern Linux systems it no longer stores password hashes - those are stored in /etc/shadow.
The usermod command with the -p flag can accept a hashed password string, but it is less reliable for exact hash synchronization and is not the direct method for inserting a known hash.
The /etc/shadow file stores hashed user passwords in a colon-delimited format where the second field is the password hash itself. Editing this file directly allows an administrator to paste a pre-computed hash exactly as-is, which is required when synchronizing an identical hash across multiple servers. Commands like passwd and usermod accept plaintext passwords and always generate a new hash, so they cannot replicate an existing hash value.
The passwd command prompts for or accepts a plaintext password and then generates a new hash internally, so it cannot be used to set a specific pre-existing hash across servers.
Concept tested: Linux /etc/shadow direct password hash synchronization
Source: https://man7.org/linux/man-pages/man5/shadow.5.html
Topics
Community Discussion
No community discussion yet for this question.