Can anyone tell me some current and future threats to the authentication methods used in Linux system. Modules like PAM(Pluggable authentication method), SASL, Kerberos, Shared secrets, shared passwords etc.
View 2 Replies
I've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
View 9 Replies View RelatedI want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .
View 1 Replies View RelatedI need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).
I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.
I'm trying to compile a kernel for my Crux Linux install. I figured I'd do a 'make defconfig' to setup a .config file with the default configuration and then try to add anything I will need for my specific system. I found a script that scans my system and prints out a list of any current modules I am using. That way I can make sure to add these to my new kernel. It looks something like this:
Code:
ac.ko.gz
agpgart.ko.gz
ata_generic.ko.gz
ata_piix.ko.gz
battery.ko.gz
button.ko.gz
compal-laptop.ko.gz
dcdbas.ko.gz
dell-laptop.ko.gz
drm_kms_helper.ko.gz
drm.ko.gz
ehci-hcd.ko.gz
Is there a way to add these to my current configuration without having to go into 'make menuconfig' and search for each one? It's not too hard to search for many of them. But the ones with short names I'm not finding. Like ac.ko for example. 'ac.ko' returns 0 search results and 'ac' returns anything and everything with those 2 letters in it.
Tried to get my VDR working again, but the dvb modules refuse to load code...
View 7 Replies View RelatedI am administrating a server with CentOS installed. It came with qmail and courier-imap preinstalled, and Plesk.I need to manually add email accounts outside of Plesk, because my 1-domain Plesk license only allows the creation of one email address (yes, it sucks).
When I say add email account I mean creating a new email address, have email for that address be stored in its maildir, and have a corresponding imap (and hipefully also pop3) account that will be able to read that mail. All this with virtual domains.I've already found out how to create the new email addresses for qmail, so that email for the new email address is being delivered correctly. Now I need to create the imap/pop3 accounts for courier.
For the qmail part, I create a folder in in /var/qmail/mailnames/virtualdomain.org/username and a maildir called Maildir inside it. This is how the first mail address was created by Plesk and i'd like to maintain the same structure. As I've said, the qmail part is already working, I need to get the courier-imap part to work. Ideally, it should accept login with both short (i.e. myuser) and long (i.e. myuser@virtualdomain.org) user names.
Currently the only authentication module that is enabled in courier-imap is authpsa, which is Plesk's authentication module.in order to add more authentication modules, do I just need to add them to the authentication module list in /etc/courierimap/imapd, or do I need to reinstall courier-imap with support for such authentication modules? I thought I would only need to add them to the list, but I've noticed that the /usr/lib/courier-imap/authlib/ folder only contains a binary called "authpsa". Does that mean that other authentication modules are not even installed? If so, can I install them without reinstalling courier?
The second question is, what would be the most recommended authentication module that would make it easiest to create new email addresses/accounts from the command line? I need to be able to write a shell scripts capable of creating a new email address with all that is needed, and I'd like to keep this script as simple as possible, so for example I'd avoid mysql-based authentication as it sounds rather complicated. And the last question is, if I do need to reinstall courier-imap, how can I install a package without recompiling it? Will my one existing mailbox keep working?
Is there a way to refresh the current configuration used by modprobe with an updated modules.conf file at the command line for Red Hat Linux 9.0?
View 1 Replies View RelatedWhat security mechanisms are used by recent versions of the Linux operating system during user authentication?
View 3 Replies View RelatedI'm using a fingerprint reader on my laptop, works pretty well:
Code:
$sudo echo hi
Please swipe your finger:
[swipe finger here of course]
[Code]....
Like I said, it works nicely... until I try to SSH in and sudo something remotely, when it will ask me kindly to swipe my finger over the reader that's attached to the laptop which is on my desk at home thirty kilometres away. Naturally there's no method built into pam_fprint to abort via a keypress.
So, is there any way to tell PAM to only use certain modules if I'm in a locally logged in session?
I'd like to limit ps aux command outputs to current user only(the one, who invoked "ps". I've recently saw this feature on FreeBSD systems and on at least one Linux system running on shell.sf.net. I run Linux 2.6.33, I wanted to know how to make that. Any advice? Googling around wasn't too successful, perhaps I don't know how to query that, recently tried with "limit ps outputs" "ps aux current user", etc... had no luck.
View 2 Replies View RelatedI want set up VPN on my VPS but when i try to turn on tun/tap i see:
:/lib/modules# modprobe tun
FATAL: Could not load /lib/modules/2.6.18-194.17.1.el5.028stab070.7PAE/modules.dep: No such file or directory
os : debian 5
(folder lib/modules is empty)
I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.
View 3 Replies View RelatedI have squid proxy authenticating Internet users with LDAP. It's working well. But I have problem when I authenticate to squid proxy to login to Yahoo Messenger. Each time, I login to YM application, the squid proxy popups many authentication windows. These confuse users when they you YM. I checked in squid access log and see that: when users use YM application, the application requests the following links:
[code]...
With each link, squid requires one authentication window. Do you have any ways to squid require only one authentication window when users use YM?
I'm working on a work project related to Web (Client) authentication and DOD Common Access Cards. But I'm having difficult getting the details about what happens on the CAC side of things.
I familiar with the PKI system as it applies to e-mail. (Correct me if I err, of course.) If you want to sign an e-mail (i.e., so it can be authenticated by the receiver) you use your private key to add a digital signature to the message. Then, the receiver uses your published public key to determine if the digital signature is valid, i.e., was created using your private key (even though the receiver never actually has access to your private key).
So... my questions:
1) When a person with a DOD CAC visits a CAC-enabled web site, and the server grants access after the CAC is inserted, is the authentication process fundamentally the same as what happened with the e-mail authentication?
2) If the private key is used in this process (it would have to be, correct?) is the signature created on the CA Card electronics (i.e., the private key remains on the CAC)? Or is the private key copied onto the computer, which uses it to create the signature?
My server is connected to the Internet for ssh on port 22 with root logon disabled, a single non-dictionary word user name allowed, and pki authentication only (about as secure as I can make it). I've previously run fc5 and 9 servers using the same sshd config since 2006 and had no security troubles, so I'm happy, but.. After the fc13 install and configuration, logins from a host on a remote network are taking about 1m 30s to complete! A (partial) console output for ssh -vv appears below. The lines marked with "**" were the lines after which significant pauses happen. This is fully repeatable.
Code:
debug1: Next authentication method: publickey
debug1: Offering public key:
debug2: we sent a publickey packet, wait for reply
[code]....
How can I remove authentication completely from my pc?
How can I edit the files present in the patrician filesystem?
having a slow internet connection, I bought the all maverick repository on DVDs, copied the files on a usb drive and modified the apt sources file to consider the local repository only:
Code:
# deb file:/var/www/ubuntu_local/ ./
deb file:/var/www/maverick/dvd1/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd2/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd3/ maverick main universe restricted multiverse
[code]....
Even though I am reasonably sure it is safe, this local repository is not authenticated and I can only install package through the command line or synaptic, the Ubuntu Software Centre giving an error message "Requires installation of untrusted packages"...I thus would like to disable the apt authentication check for this local repository.
Does anyone know if/how its possible to integrate HOTP authentication into GDM login manager? Basically what I want to do is have it ask for the password of the account, then another prompt come up asking for the code for the account.
I know how to set it up, but I'm know if modifying the PAM module for requiring OATH/HOTP authentication will make this happen or if it will just break the system...and this is one thing I don't want to have to fix.
I want to use AD sys accounts to logon to linux servers. What is the best and most secure way to do this. This because we want to ensure it is tracable when a server administrator makes changes to a linux server. Now we use root to make changes to the servers.
View 13 Replies View RelatedI have installed CentOS 5.2. I want to login automatically for an user without authentication.
View 2 Replies View RelatedIm using CenOs 5 and have install a mail system(postfix+dovecot),when I trying to enable selinux for enforcing mode and i'm have some issue, the user authentication failed. How can i to fix this problem?
View 2 Replies View RelatedI have intalled RADIUS server on one machine which has fedora 10. I have installed freeradius-server-2.1.10 on it(server machine IP 10.150.110.42).
I have one more machine with redhat linux on which i have installed pam_radius-1.3.17(client machine IP 10.150.113.4).
I have done the follwoing configuration at both sides
SERVER SIDE.
users file
"vijay" Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"
Reply-Message = "Hello, %u"
[Code]....
Above mentioned is my configuration. when i try to connect client with SSH it is not sending a request for authenticating user to RADIUS server. what else configuration i have to do, or if there are any mistakes in my configuration
I'm using Ubuntu Lucid Lynx and every time I search for updates it ask for authentication. I'd like to search and apply updates without confirmation. Is it possible in some manner?
View 5 Replies View RelatedAs part of the project I'm working on, I need to set up a server with IPSec authentication only connections to a large number of low bandwidth clients. I'm making use of the PF_KEY interface to populate the keys on the server and while prototyping things I've found that the initial setup is taking longer than I had expected. At the start of my test, entries are being added to the database at a rate of around 30/second, but as time goes on this is dropping significantly. I ran a test up to around 100k entries and by then the rate had dropped to 10/second. It's key to me that if I reboot my server that the Security Associations can be repopulated in a very short period, so I do genuinely need this to be much faster.
Two questions:
1) Does anyone have any experience of running with a large number of SAs set up, and if so what sort of setup rate did you get?
2) Are there things I can do to speed up the provisioning of these SAs? I'd really like to see a rate in the thousands per second.
We've been doing the prototyping on the 2.6 kernel.
I'm new in UNIX & trying to access the server using SSH but I encounter this error PAM Authentication Error. I use edit /etc/ssh/sshd_login & set the PermitRootLogin to yes. But didn't work. I used this command ps -ef | grep sshd & saying Process environment requires procfs(5). I don't know what to do now. What I want is access it by SSH but I got Access Denied. [MOD]Pruned from [URL]. create your own thread instead of resurrecting a five year old one.[/MOD]
View 1 Replies View RelatedI have a strange behaviour on a Slackware 13.1 box:
Code:
user@host$ su
su: Authentication failure
[code]...
I would like to have a web site pop-up on the persons laptop that connects to my wifi network. The page will let them know this is my network and give a list of shares on the network. Then click ok to get wireless authentication. Something like you get when you connect to a wireless connection in a hotel. software i can install on my Ubuntu 9.10 server to do this.
View 1 Replies View RelatedI looked at the security adviseries page on slackware.org, and noticed only 1 listing for 2010. I'm currently using alien bob's slackware-current script to make a dvd iso (x86_64.) So is this patch already applied or what? How do I go about maintaining a secure system from here? I've tried to search for clues about this but I'm a little confused (very new to slackware,) so I apologize if this question has been answered many times. Also, when a security advisery arrives, do I need to download the updated package? Or can I simply find a patch from a single source and download / apply them? What would you do concerning this issue? I guess easily applying security updates is where debian shines. I'm really starting to like Slackware though, I must admit.
View 2 Replies View Relatedwhile tampering with the settings for my wireless connection by right-clicking on the icon on the top menu i was originally asked for my password for authentication. i selected the option to remember the password for future sessions unintentionally.
how do i get it back to the original setting so that it asks for a password before allowing me into the editing screen? i tried preferences > system > authorisations > network-manager-settings, but it didnt work.
