While I successfully configured an IPsec-VPN (I use a similar, though modified, setup like this: [URL]), I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".
The scenario is similar to this: Let's say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IPs (like http).
I now want to limit this so that an admin-user has access to all of them, while trainee-admin only can access everything on Host B and C, and CEO only can connect via telnet to Host C - and all users can be roadwarriors.
(I made this example up to give you an idea what I'm trying to do - hope it makes sense). Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?
I am trying to set up Ubuntu like I had on my Windows PC. I have my account, my wife's account and my kids' account. I want passwords set for both myself and my wife but I don't want the kids to be required to have a password to log in. When setting up Ubuntu, it looks like it was all or none. I have dabbled with Linux off and on for years and am sure there is a way to set this up but I have no idea how.
I upgraded from 10.10 to 11.04 (32 bit) with a clean install as the "upgrade" option in update manager failed. I'm setting up the system again and want to restore the backup I took prior to upgrading, however due to the upgrade I don't want to just reinstall everything. The following have been backed up:
/etc /home /usr/local /var
Now there are various things that are different, such as Firefox 3.x has become Firefox 4, Open Office is gone, long live LibreOffice, my proprietary Nvidia drivers don't seem to be trusted yet, all the repositories will be different, etc. I will reinstall all the applications fresh from the software centre, but I would like to restore all the users and passwords and their home directories.
So I don't want to restore /etc or /usr/local en masse. I guess /var is not worth restoring either. /home gets me their files, but how do I restore the users and passwords? (There are about 8 registered users, some of whom have different privileges, and the user IDs need to be the same as they all access a NAS through NFS.)
I'm configuring a CentOS 5.4 workstation. I have been able to apply most of the security that is required. I have met all but one logging requirement. How do you get the count of old passwords associated with users? I don't need to see their passwords, just how many times they have changed them. I have set remember to 24 in the /etc/pam.d/system-auth file. I don't know where the file is that contains this information.
Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.
I did: passwd joeuser
To change his password and still he goes right in without being asked for a password!
Possibly related: 10 days ago, my smtp server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.
I have an old server running CentOS 5. The encryption method used was the default MD5 for the shadow file. I would like to migrate the server to Debian Squeeze which uses SHA512. I have already copied the passwd, group and shadow file with the user accounts information but the Debian machine doesn't let the users login. I have already looked in the pam files to make it accept the MD5 encryption without any luck. How can I migrate the users without resetting their passwords?
Is there a way to use kerberos (or barring that a trusted CA) to allow users to ssh across machines in an environment instead of having to manage the hash keys per user/server? I'm using kerberos+ldap to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.
Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.
I am using squid + dansguardian for web and content filtering. And it is working fine. I am forcing users to use proxy through browser configuration. Now I am planning to add another layer to controlling access using ncsa_auth program. I know it is not the most secured but I am fine with it. Plain passwords are fine with me.
I will be giving users some default passwords but I want some program for allowing users to change the passwords for the respective users if they want. Is there any Perl script or something web based for the purpose that anyone is using or knows of?
On other editions of Ubuntu server I had no problem saving multiple users and passwords with htdigest but now it seems it is only possible to save one user and password.
Code:
sudo htdigest -c /etc/apache2/passwords directory user
When I add a second username and password for the same directory it overwrites the first.
Just now I have installed squid, it works fine with authentication. I created this authentication in a simple text file by using htpasswd. My question is: is there any simple web-based page to change the passwords of squid users, because I can't give my squid users direct access to the server each and every time.
I'm trying to set up a Proxy server on my CentOS server and I have been looking at Squid, however I wondered if there is a proxy server that will support having authenticated users and passwords in a MySQL database? I wanted to do this so I have good control over who is connected through my proxy.
I'm planning to centralize users and passwords and also create controls for user access to some equipment, for example, Linux Servers, Switches, routers and firewalls. In case of failure of the link between the ACS and AD or equipment to the ACS, this device would use local username and password.
At the moment, my AD structure is a Microsoft, Cisco ACS servers and Linux Standalone. I wish that both Linux servers and network equipment were authorized by Cisco ACS on the accounts that are in Microsoft AD.
The configuration of the Cisco ACS to use the AD is done and no problems, the network equipment is OK too, but I am having difficulties configuring the server for this solution.
I am looking for ideas for getting Windows users into an ldap server. I am currently running a Linux server for my department and need to create an LDAP server which mirrors the username/password information for all of us as they are stored in the Windows server here. I have the openldap server up and running on Ubuntu 8.04 and it works great; I now need to find some way to import user info into this from Windows. I've seen discussions of using ldifde.exe to export the AD users into an ldif file. Is this the simplest way to go about it?
Our Linux server is currently providing us with much needed services using apache, and apache is authenticating using LDAP to our Windows server (Using our Windows username / password is required functionality). This Windows server has some problem which causes it to delay for inordinate amounts of time between authentication requests and responses. The situation is such that this problem will not be addressed by IT staff. However, I have control over the Linux server so I am looking to just mirror the Windows server on an LDAP server of my own. I could get away with updating the passwords in the Linux server.
I'm not able to either add new users using the command useradd or delete existing users using the command userdel. And I'm not even able to log in as any existing user except root. It was ok before. I'm having this problem very recently on my Linux server. I'm using RHEL5.
How can I get rid of all policykit restrictions that Fedora 13 has? I just upgraded from Fedora 10 and of course my freenx sessions are again unable to do anything useful like mounting a drive. Difference is no GUI now to help fix this. So I would like to get rid of all restrictions.
Don't worry, I know - that title probably makes this question seem way more complicated than it actually is. Here's the situation: I have a server running SLES10 with a samba share set up on it. I created a username in Samba and Linux for myself, can access the share, permissions are fine, yadda yadda. Now I want to give about 100 more people access to it.
I have active directory running which users log into and I'd like them to be able to use their active directory passwords to authenticate to the share, rather than have me create 100 individual Samba/Linux accounts. In the future the AD server will be changing over to server 2008 but I'll cross that bridge when I get there. It would be equally effective if I could pull AD passwords from AD and "auto-create" the associated Linux/Samba users. Any ideas or could someone point in the right direction?
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words, about 45 characters with spaces and caps). I would like to set a shorter password for Authentication, sudo, etc., while retaining the original for logging in. In short: Have long password to log in to computer. Have short password for everything after login.
I have searched for days on Google and can't find a clear answer to my question. I have a NT4 PDC which I am migrating to Samba 3 (Version 3.4.2-47.fc12) on FC12 with kernel (2.6.31.5-127.fc12.i686). I am using tdbsam as my passdb backend. I set up Samba as a BDC and then joined to NT4 Domain successfully. When I go to vampire the accounts I get lots of errors and some user accounts get transferred over. It turns out that all the user accounts that transfer are those that don't have a capital letter in their username on the NT4 domain server. Most do and don't get transferred. There seem to be errors with my groups and Computer accounts. Is there a way to change the requirements in Fedora 12 for username, groups and computernames?
I have a work network of about 20 boxes most of which are running Windows 7 and one of them is a file server using Linux and another is Windows server 2003. Now the local IP is distributed by the router, and no regulation of internet access is done by any of the servers. What I need to do is restrict internet access to select domains, which would probably need DHCP through Linux (I think, not really sure), and I need something simple like a 'blabla.conf' file with the allowed websites that I can edit. I need to know how to regulate IP addresses through the Linux box (all details if possible, I never tried to do that before), and how to restrict internet access also through Linux.
I allowed someone to access his Skype account on my computer (10.4).
Now I can't delete his Skype name from the login process, which is set to autofill the first alphabetical user and seems to be unchangeable in that area.
I tried deleting the software entirely, but that didn't do it. Somewhat bizarrely, deleting the software itself did not delete any user data, and this raises security issues, i.e., is the computer also holding other people's passwords?
How can I remove this guy from autofill when I turn Skype on, and how do I turn autofill off on the Linux version of Skype so I don't have to refuse the next person to borrow my computer?
Is there a way to remove users in bulk? Maybe by a range of user id numbers.
I help run a school server for our Linux class. I create temp accounts for tests and now I just want to delete them. I really should delete the old users too but the Professor likes to let them have access even after the class.
I've been wondering how I can know if some users create/modify/delete a file/directory in Linux. I've been using pyinotify in a Python script. This script is like the example from the manual:
Code:
#!/usr/bin/python
import pyinotify, os, time
I installed proftpd on my Ubuntu 10.10 install. I also run multiple websites that I want to allow ftp access to for 2 different users. The websites are located in /home/www/. This is where the guide I was following told me to put them. I also don't have a user named www. How can I give write permission to upload, delete, and edit all the files in /home/www/ for multiple users? They can connect to the ftp server and see the files, just not change them.
Samba up and running on my PC. PC runs FC12 with KDE. A laptop has Win Vista. The PC can access the shares on the laptop but the laptop has authentication issues to access the PC. Note that Windows doesn't enforce authentication for incoming network connections. Using the system-config-samba util I tried to map a Windows user to the unix user "feduser". The laptop (named LAPPY) has a user (lapuser) which has on Windows no password. What should I tell samba config what the Windows username should be? lapuser or LAPPYlapuser doesn't work because when accessing the PC via the laptop, the authentication fails. The only auth that is successful is when choosing the same winusername as the unix username.
Secondly, I'd like to set up the laptop so that the user doesn't have to provide a name and password, or at least not more than once in the lifetime of the laptop. Note that you can't provide an empty password to system-config-samba. How is that possible?
Strange but not really an issue imho: the samba - KDE control module (kcmshall4) (and the smb.conf) shows 2 shares: the homedirs and the data dir; the samba server configurator (system-config-samba) shows only the datadir.