I am just wondering what encryption method the shadow file uses, so that I may be able to manually change it. I ask this because I am trying to make a web page that will allow people to change their linux password via a browser.
View 4 RepliesI'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it. I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok.I'm guessing the md5 should be changed to something else, like sha256. What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.
i am wanting to put a list of common passwords on a usb stick, but i want the file to be password protected. I also need to be able to access it from more than one computer (all linux, maybe a mac too).
View 5 Replies View RelatedI'd like to allow my laptop to be disconnected from the network and login with a user stored on LDAP. I know nscd can cache usernames and groups but not shadows, but is there a solution that will cache passwords?
View 1 Replies View RelatedI am moving my Linux server from Suse 10 to Ubuntu 9.04 and I moved the significant parts of /etc/shadow, /etc/passwd, and /etc/group over to Ubuntu 9.04. I am not able to login into the computer with the old accounts. The only problem I see is that the old accounts use Blowfish and DES to encrypt the passwords in /etc/shadow, and Ubuntu uses SHA512. If I change the passwords, the accounts will work. However; I have about 300 accounts to move, and I don't want to do that to all of them. I have tired Ubuntu Forums and talked to every linux expert I know, and no one has an answer.
View 7 Replies View RelatedIs it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
I just recently upgraded from 10.10 to 11.04, but using the classic desktop instead of unity, mainly because unity sucks big time, but that's a different story, anyway, when I used 10.10 I had a key setup for access to my remote SSH server, but now when I try to set up a new key using passwords and encryption, I get:- "Couldn't configure secure shell keys on remote computer", followed by:- '** (process:2532):WARNING **:couldn't open fd 27:Bad file desciptor' 3 lines of this with different process numbers then I got ''** (process:2535):WARNING **:couldn't open fd 27:Bad file descriptor: Permission Denied. Please try again'
I have not changed anything on the remote server at all. I can access SSH using PuTTy sucessfuly, but I want to set up a key using the ubuntu passwords and encryption key program, but since ugrading to 11.04 I can not do that for some reason.
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies View RelatedI would like to be able to store all my important details and passwords in such a way that it is encrypted, easy to get the information out and is cross-platform. Basically, I am thinking that if I kick the bucket that I would like to make it as easy as possible for others to be able to access this information using a pre-arranged password.
Ideally I would like the files to contain the program that is needed to extract the data i.e. importantinfoLinux.sh inportantinfoWin.exe (Just like a self-containing zip). I haven't found anything along those lines.
The things I am currently thinking of is:
1) A password database program that is cross-platform like KeePass. WIth the bundle contining the relevant installers for win, linux and OS X and the database file.
2) An AES encrypted zip of the data with relevant programs to open it e.g. 7-zip on windows, peazip on linux and OS X
Has anyone got any thoughts on this? Any self-containing java encryption apps?
Today i was going through some of security guides written on linux .Under shadow file security following points were mentioned.1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters.2)Usernames in shadow file must satisfy to all the same rules as usernames in /etc/passwd.3)password for application Username should display * if username is not locked.4)If a user is locked it should be displayed as ! as the first character in second field of shadow file.
Confusion for point 1 and 2:Now i m confused as why the encrypted password should be more than 14-25 characters.Also what rules to satisfy How to check it?Confusion for point 3 and 4:There are lot of users with * as second field i guess they are not locked but according to 4th point there are lot of users with ! as first characters.How would i check whether they are actually locked or not.I m posting the output of /etc/shadow and /etc/passwd files for the account.
I deleted root from passwd and shadow file.Can I crate a new root user?
View 1 Replies View RelatedI would like to grep all values other than encrypted password from /etc/shadow fileFor example,each line consists of 8 fields separated with :/The only thing that I want not to print out is the contents between first : and second : (encrypted password)
View 7 Replies View RelatedI have a lot of passwords and keys for FTP and SSH connections that I need to keep. When using the "Passwords and Encryption Keys" the Export menu is sensitive/disabled.
I need to back them up, amongst other things, as I'll be re-partitioning my hard drive which will most likely result in a fresh install of Ubuntu.
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
Where is the login password stored in Ubuntu? What is that file? Can I open that file?
View 6 Replies View RelatedRunning SunGard Banner software on RHEL 4.2 x86-32 bit Linux server Oracle Application 10.1.2.3 samba enabled. Users run processes/reports that are logged in a daily log file. In our daily job submission log files the user password shows up as clear text.The password shows up as $PSWD (sample from the logfile):
$JOB
$BANUID
$PSWD
[code]...
I plan to use newsbeuter for console RSS reading.This program has a config text file where I need to store my Google account password,in order to access my Google reader.I don't feel easy at making my password readable to everyone.Is there anyway I can somehow encrypt this information ?
View 1 Replies View Relatedwe can save the users password in /etc/password file itself.then why a special file /etc/shadow is created to save the encripted password of users.
View 2 Replies View RelatedI want to automate the following manual process.Currently, I am encryptying a set of files using openssl as follows:Encrypt file.txt to file.out using 256-bit AES in CBC mode $ openssl enc -aes-256-cbc -salt -in file1 -out file1.enI am then prompted for a password, which is then used to encrypt the fileWhen decrypting, I type $ openssl enc -d -aes-256-cbc -infile1.enc -out fileI am then prompted for the password - which again, I manually type.I want to automate this process of en/decryption - so I need to find a way of providing openssh with the password.
My first thought is whether it is possible to read the password from a file (say)? Or is there a better way of doing this?Also, I suppose that I will have to place restriction on who can view the password file - otherwise, that defeats the whole objective of using a password. I am thinking to run the bash script as a specific user, and then give only that user read rights to the contents of that file.Is this the way its done - or is there a better way?Ofcourse all of this leads to yet another question - which is, how to run a bash script as another user - without having to type the user pwd at the terminal.
i am new to debian. I need to know after booting sequence login shell appears to get username and password. so what happens when user puts username and password ?? how this given username and password are matched with /etc/shadow file ??
my another question is what is role of /etc/pam.d/ authenticating username and password ?? does it work with shadow file or not ?
I'm trying to learn how to create a user account manually on the system, and I've edited the /etc/passwd and /etc/groups as well as creating a new home directory by copying /etc/skel but I'm stuck at how to generate an entry in the /etc/shadow file since it comprises of the hash and all?
View 4 Replies View RelatedI noticed that our /etc/shadow file is readable on a patch I released for one of our in house linux boxes a while back ago. Could they use it to gain access the root account etc? Our passwords are all MD5 encrypted.
View 5 Replies View RelatedWhat is the easiest way to replace a hash in a shadow file for one particular user, not using passwd, and when the current password is unknown?
View 3 Replies View RelatedI am working on building a customized ISO image of a server based on linux. The thing is after the server is installed and run for the first time, three users have to be created for the various services to run properly. I want this to be automated. To achieve this what is was thinking is automatically enter the user entries in the /etc/passwd and /etc/shadow files through init scripts when the server starts for the first time after the installation. I tried creating user and assigning password in one of my machine, and the /etc/passwd and the /etc/shadow entries of this user I copied it into the other machine and tried login in on the other machine and everything worked fine. How I am trying to achieve this.
View 1 Replies View RelatedI want to know, how does changes happened in the encrypted password in /etc/shadow file , when user changing password . because user doesnot have access on that file
View 1 Replies View RelatedI wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
View 6 Replies View RelatedI've been trying to write php or perl code to generate the sha-512 password hashes in fedora. I've been unable to do the hashing which is encoded in the shadow file on fedora core 11. Does anyone have php or perl code which provides the hashing algorithm. (All of my attempts result in the encrypted hashing being longer than 86 character -- the length that crypt says the sha-512 should be)
View 3 Replies View RelatedI am so confused! I changed my security profile to 'paranoid' (i'm a linux noob' and accidentally locked my self out of everything! Including su, sudo, YaST, etc. (openSUSE 11.1)
View 9 Replies View RelatedHow to decrypt a file in openssl which is encrypted in perl using crypt cbc
View 2 Replies View RelatedI noticed that file /etc/shadow changed it's timestamp.Why it is changed? Is it "normal"?
View 4 Replies View Related