I must be losing it because I can't seem to find my answer on the google mechine. I need to enforce password complexity in ubuntu. I need min length, upper case, number and or special characters. I don't want to have to install pam_cracklib on all these boxes. I have looked at he common-password and it's not much.
View 2 Replieswe have a line in /etc/pam.d/system-auth-ac on RH 5.1:
password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8
I believe this should require new passwords to be 4 character classes only with minimum size =8 (uppercase, lowercase, digits, special chars) however running passwd also gives option of using word:word,word which only contains 2 of the required classes. Is there any way to fix this so only 4 character class passwords can be generated ?
I want to change the password complexity how do i do this?
View 9 Replies View RelatedI'm having no success getting password complexity to work with RH4/U5. Added/modified the following to /etc/pam.d/system-auth
password required /lib/security/$ISA/pam_passwdqc.so min=disabled,disabled,disabled,disabled,12
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis remember=24
I have deployed complexity before on other releases w/o problems.This one is a NIS server, but I have other NIS servers working fine. I even tried copying system-auth from a RH4/U2 NIS server which performs complexity to the RH4/U5 system - no luck. When I attempt to change a user password from a user acct, get message that password must be at least 6 characters. The system-auth file I am using dictates 12 characters with 4 different character cases. /etc/login.defs also has minimum length set to 12 - no idea where the 6 character limit is coming from. I also tried using cracklib.so with minlen=12 , no luck there either.
I''m new to Debian 5 so please be gentle
When I use 'adduser' it states 'Enter the new password (minimum of 5, maximum of 8 characters)' - how can I enforce password complexity?
I would like to have a minimum of 10 characters and also have numbers, certain special characters etc.
I tried to log in to my xguest account and it asked for a password, which it shouldn't, so there's a problem with SELinux.When I type getenforce it says it is disabled, yet when I go to /etc/selinux and look at the config, it is in enforcing mode and not commented out, type is strict.When I go to the SELinux management GUI I can't change the current enforcing mode and it's set to disabled and default to enforcing.
View 2 Replies View RelatedI would like to ask how could I enforce "NT-style" password complexity, for instance, the new password must contain 2 lowercase characters, 2 digits and 1 non-alphabetic character set, on Samba PDC so that while some samba clients change their passwords from Windows XP workstations. I have configured check password script option on samba configuration file, but users could not change password from Windows XP workstations no matter how complicated password they use.
A dialog box said: The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria: is at least 5 characters; has not been used in the previous 0 passwords; does not contain your account or full name; contains at least three of the following four character groups:
English uppercase characters (A through Z);
English lowercase characters (a through z);
Numerals (0 through 9);
Non-alphabetic characters (such as !, $, #, %)
[code].....
everytime i try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely.how do i change my keyring password to match my login password?
View 4 Replies View RelatedI know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
View 7 Replies View RelatedI don't think I've messed up my settings because this is happening on both my computers. But it is still always a possibility. When I open a program, whether by command-line or by clicking somewhere, the windows don't always open completely inside the available desktop space. I mean the total space minus the task bar along the bottom. Firefox always opens with the bottom margin unreachable. kdenlive opens half out of the screen towards the right and the bottom. It is easy to drag them back where they belong, but always having to do this, with eventually a resize needed, to see the whole window of the program is getting tedious
View 2 Replies View RelatedHow can I force passwd to use a simple password?I want to change my passwd & delete passwd history (if stored).I plan on creating a Virtual Appliance that uses another password besides my testing password.
View 5 Replies View RelatedI already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
I have a database created by an older program (not Access) that I need to open and retrieve information for my business. The manufacturer put a password on there so that only it's program could open it. I do not use that program, but it has information I need. Is there a way to find that password or circumvent the password altogether?
View 1 Replies View RelatedI am using RHEL 5.4 in VMware. Recently i have made changes in /etc/sysconfig/selinux and made it to be in "enforcing mode". Now when I rebooted my system, It is showing the following error:
"Unable to load SELinux Policy. machine is in enforcing mode.
Kernel panic- not syncing: Attempted to kill init!"
I have a small office network here which consists of three machines running Fedora 10 and a dev server running CentOS 5.2. I have no Windows machines, and have no intention of having any. I would like to use the CentOS server as the Linux equivalent to a domain controller in Windows. Use case is simple - I will still have a local root account on each machine, obviously, but I want the three staff users to be network accounts. I want them (like a Windows domain) to be able to login on any computer using their network user credentials and *not* have local credentials on any computer.
I've been Googling like mad on this, but I can't find a definitive answer or a sensible HOWTO for this use case in Linux. Others have suggested I do it all in Samba, but I cannot find an example Samba configuration that behaves as I describe above. Another article I found suggested OpenLDAP.I'm lost. What's the best way to do this with a CentOS controller machine and Fedora 10 workstations? Can anyone point me to some good resources on the matter?
I'm looking for a script which is testing how complex an "added" string is, for example like the user is changing his password and check how complex it is, if it included letters (lower/upper case), numbers and other characters.Im doing this for password check, the user type's the password and must be 6 characters long, have upper case letters lets say and numbers and so on.If anyone knows where I could find some bash script which is doing this, it would be really cool.
View 2 Replies View RelatedI've been trying to get SELinux working in OpenSUSE 11.2. So far I can get to runlevel 3 with enforcing=0. Before I start tinkering with audit2allow, The 11.2 repository gives me these policy rpms:
[URL]
But that version of policy has some issues in OpenSUSE:
1) failure to allow the graphical desktop to load (even with enforcing=0) . The following message appears in the console during boot:
** (gdm:1073): WARNING **: Couldn't connect to system bus: A SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender "(unset)" interface "org.freedesktop.DBus" member "Hello" erro name "(unset)" destination "org.freedesktop.DBus") startproc: exit status of parent of /usr/sbin/gdm: 1 Since enforcing is off, I'm surprised to see a message like that. SELinux shouldn't be preventing anything, so I don't see how modifying policy will solve that. Ideas?
2) Attempting to boot to runlevel 5 with kernel parms "security=selinux selinux=1 enforcing=0", I'm dropped off in runlevel 3 instead. I'm getting a couple of pages of AVC errors after boot (see below). I've tried several other versions of the policy without luck:
- the version included in Fedora 12 (refpolicy-2.2009117
- the latest release from Tresys
- the latest from the repository at Tresys
[Code]....
I am looking for tools for static/dynamic code analysis for embedded Linux system development (both device driver and user space apps) with ARM-based processor. We use Eclipse IDE and C++ lanuage for development. Does anybody have recommendation for tools to analyze code complexity? The tools is better to support McCabe complexity metric, however, we may also consider others. Does anybody have recommendation for unit testing?
View 1 Replies View RelatedI'm new to ubuntu. Now iam using Karmic Koala. I want to change my password. So i used,
system->Administration->users and groups to change my password . As i entered my new password and clicked on 'Change Password', It is saying, 'password changed'. But when I click the close button in the main users and groups window, it is asking for my password, and I am forced to enter my old password only.
After the window is closed, i logout to check whether my password is changed. But it is not. I have to enter my old password to login.
i set my pass on ubuntu 10.4 and it work so good on installing app but suddenly it stopped working i thought i would restart my pc i tried to inter my pass again ubuntu don't accept it although it's surely true
View 7 Replies View RelatedI had this great idea to try and change the UBUNTU password. So I took not so drastic effort..I went to System>Administration>Users and Groups. There I clicked on my login name.Clicked on Properties and used the Change Password Button to Change my login password. I did that. [I thought this is the way to change the login password]. After that as usual I tried to launch the Empathy! It started asking me about some Keyring password! I gave my new password and it worked. Now, the weirdness of the issue is that..
1)If I want to login to UBUNTU..I have to give the Old Password [The password which I gave when installing Ubuntu;as if the password change has not come into affect]
oO mount..I have to give old password
To update I have to give old password.
But!
2)To get my things done in Empathy..that is to get the Keyring Challenge done! I have to give the new password and old password does not work here.
I want to stop empathy from asking me about the KEYRING thing. Roll back the system to the previous state; before the password change thing. What exactly went wrong or right? and What is really happening to my system. I mean things are all normal, so far..but why the two passwords? I dont use any heavy things on my machine..just a bit of browsing and Empathy..thats all.and only the default applications are installed on my machine. I use Ubuntu Karmic 9.10.
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
Is it best to do this via the terminal or gui interface? does this meanthat the home folder encryption password is the same as the old login password?
View 4 Replies View RelatedEvery time I log in, I get the "password for keyring default" question two or three times, unless I enter it immediately as it pops up, sometimes even that doesn't prevent it from respawning. What could be causing this? I'm using Maverick.
P.S. Hmm, I don't think I'll be watching the lunar eclipse much now, the sky is covered with smoke, maybe it's lunar apocalypse.
I think it is very easy to hack passwords in Linux, but I did not try it yet. If you use sudo you get 3 attempts for the correct password. But if you get enough time it should be no problem to hack it by bruteforce. Imagine a script an attacker places on your machine which runs for a few hours or days. I think it is much more effective to delete the user out of the admin (or adm?) group so that user cannot be any danger anymore. You would have to login with root and readd the user then.
You now say: but if you login with root you got almost the same effect as with sudo. Of course it is the same. That is why I would use a system (not sure which yet) to create sub enviroments of your OS, which got the attribute that they can run without root, only got one account that can sudo and once sudo access is denied there is no other way to login as root. You just can repermit sudo access by the parent os layer.
As the title says, nm-applet rejects my password that I'm positive is correct.Using a custom compiz session,
Code:
#!/bin/bash
compiz &
[code]....
I decided to stop using my password to enter Ubuntu (recently installed) and switch to automatic start up. Hit the relevant key, then restart. Received three notices, closed two, entered pass to get encryption code at third, then nothing but a blank, Ubuntu-colour screen. Unable to open Ubuntu. How the heck to I get myself out of this trap?
View 1 Replies View RelatedI need a little insight, and I�m not sure if the two can relate, but I am trying to find out the following.
When generating WEP Keys the available bits are: 64/128/152/256; however, you need 5/13/16/29 character respectfully for each key if you generate the key manually.Can this formula be applied to passwords and the length of the password? For example: if my password had 29 characters, could I say that my password is 256-bits?
I'm running 64-bit Ubuntu Karmic, Encrypted HDD.I changed my login passwordwhen i try to boot i click on my name and type in my new password i have 'authentication fail' when i type in my old password this happens"could not update ICEauthority file /home/chris/ICEauthority""Their is a problem with the configuration server. (/usr/lib/libconf2-4/gconf-sanity-check-2) exited with status 256""Nautilus could not create the following required folders/Home/chris/Desktop,/home/chris/.nautilusBefore running nautilus, please create these folders, or set permissions such that nautilus can create them."
View 4 Replies View RelatedI have a dual boot machine and recently did a fresh install of 10.4. It no longer asks for a password to access the Windows partition and I full access to it. This seems insecure to me and was wondering if someone else came across this. I thought I saw this topic discussed before but I can not seem to find it now. Is this a bug or a new unpleasant feature?I don't think it makes a difference but I do have a separate encrypted home partition on this fresh install. I have also done two fresh installs. (Well three...once testing out KDE but didn't try the Win partition. )
View 9 Replies View Related