Security :: Centralize Users And Passwords And Also Create Controls For User Access To Some Equipment?
May 12, 2011
I'm planning to centralize users and passwords and also create controls for user access to some equipment, for example, Linux Servers, Switches, routers and firewalls. In case of failure of the link between the ACS and AD or equipment to the ACS, this device would use local username and password.
At the moment, my AD structure is a Microsoft, Cisco ACS servers and Linux Standalone. I wish that both linuxs servers and network equipment were authorized by Cisco ACS on the accounts that are in Microsoft AD.
The configuration of the Cisco ACS to use the AD is done and no problems, the network equipment is OK too, but am having difficulties configuring the server for this solution.
View 1 Replies
ADVERTISEMENT
Jan 7, 2010
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
View 6 Replies
View Related
Jan 25, 2010
While I've been using Linux for a little while now, I have only recently been getting into setting up and using a server at home (in part because until recently I only had ONE computer at home). I have heard of LDAP and OpenLDAP, but I am not sure if this is the best tool to do the following. Centralize logins and passwords for all of the computers at home, so I only have to change/manage one place. Since I keep installing Linux Distros it would be nice if I didn't have to add each person, individually each time.
Provide single sign-on authentication for the user so when they go to the Samba server they don't have to do another login, but they are limited in what they can see. Basically I don't want the kids being able to see *MY* files
- Works with Linux (various) and Windows (Windows 7 more than XP)
- Works with desktop and laptop
- Be able to, possibly, pass this authentication to the web server so likewise do not need to log into the web server after logging into the computer.
- (optional) be able to set up a script to run automatically to either map network drives or mount samba directories based on the user being logged in (smb://user/<username>) and/or backup the system.
I say optional because if it can that is great, but if it cannot then it isn't a show-stopper. Like I said, I am very new to servers and networking and do not know where to start regarding this. Right now I have a basic (too open) file server and a web server just beginning to be developed (working on Drupal). Not only do I need to figure out what/where to research about the server settings but also setting up the client-side of things.
View 3 Replies
View Related
Jul 19, 2010
Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.
I did:
passwd joeuser
To change his password and still he goes right in without being asked for a password!
Possibly related- 10 days ago, my smtp server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.
View 14 Replies
View Related
Aug 11, 2010
How to make users, groups, paswords and their IDs be the same on several computers (for example, on cluster)?
View 6 Replies
View Related
May 24, 2010
Is there a way to use kerberos (or baring that a trusted CA) to allow users to ssh across machines in an environment isntead of having to manage the hash keys per user/server? I'm using kerberos+ldap to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.
Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.
View 3 Replies
View Related
Jun 20, 2010
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies
View Related
Feb 15, 2010
Don't worry, I know - that title probably makes this question seem way more complicated than it actually is. Here's the situation: I have a server running SLES10 with a samba share set up on it. I created a username in Samba and Linux for myself, can access the share, permissions are fine, yadda yadda. Now I want to give about 100 more people access to it.
I have active directory running which users log into and I'd like them to be able to use their active directory passwords to authenticate to the share, rather than have me create 100 individual Samba/Linux accounts. In the future the AD server will be changing over to server 2008 but I'll cross that bridge when I get there. It would be equally effective if I could pull AD passwords from AD and "auto-create" the associated Linux/Samba users. Any ideas or could someone point in the right direction?
View 5 Replies
View Related
Mar 18, 2010
I have an ubuntu server set up in which i would like my shared media directory to be accessable with multiple usernames / passwords because I use my admisistrator username and password for samba as well, but I do not want to give out that password to all clients in my house. And, I would like to have write permissions but keep other users to read only. Is this possible or do i need to just make one separate username / password for samba sharing?
View 1 Replies
View Related
Apr 15, 2009
I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
View 6 Replies
View Related
Sep 15, 2009
i have created a user like this :
useradd -d /home/testuser -s /bin/bash -c "Test User" testuser
passwd testuser
After this beeing done, i whant to login with this user via ssh using putty. Do i have to set-up something in centos 5.3 to allow user logins via ssh? With root user i can login without problems.
View 1 Replies
View Related
Oct 19, 2010
Is there a possibility in openldap to allow a user to only create/manage specific LDAP users?For example user "mailadmin" may only create/manage mail accounts in LDAP that are named like "m1342895"? Or a specific list of user accounts that are in a specific group?
View 1 Replies
View Related
Mar 26, 2011
I just realized that I can access other users files and they can access my files simply by using the console to navigate the file system, Its not that big a deal, I am the only one using the computer but this seems like something is not configured correctly. Should each user be able to look at and modify each others files by default? (On Xubuntu 10)
View 7 Replies
View Related
Oct 23, 2010
It looks like my web/ftp server has been hacked but I'm not sure how. I logged in tonight and found I had new mail. I read it and found some e-mails that had failed to send because I don't have mail setup (luckily). The e-mails were trying to send my user name and password to the e-mail address lostsoul2k@ymail.comI've no idea where to start, I use SSH, FTP now and then and it hosts a Wordpress site. The FTP users do not have access via SSH, only my user ID. However, the e-mails also contained another user ID that only has FTP access to the server.I've looked through the logs for rkhunter but it doesn't look like it found anything.
View 11 Replies
View Related
Jun 18, 2010
I configured FTP server on Fedora 7.0 . I create different users with different password. I also create seprate directory for each FTP user. All are working . When I use filezilla for connecting that FTP site I can access all the directory on that server.
Now I want to configure that no any FTP user can access other FTP users directory or any other directory in server machine . What I do for this .
View 1 Replies
View Related
Jun 20, 2010
I am running Fedora 13 - 64-bit variety and using KDE as the gui. No real issues asides from machine not exactly flying, but then this is a mere core 2 duo 1.6 with 2 gigs of ram, so not unexpected...
When I run top I see 3 users indicated - which worries me somewhat... I am the only user on this machine.
I come from a Debian / Ubuntu /Gentoo knowledge-base and this laptop is a fresh install, encrypted partitions, temp has own partition (encrypted too) and obviously the firewall is on, with ssh service turned off and ssh access removed in the firewall....
is this 3 users in top normal, or have i managed to be hacked in the 3 - 4 days since I started the install ? In all this time I have been sitting behind a router when on the net.
Am I looking at a fresh install, or are there valid reasons for the extra users?
I just ran "users" in terminal and I show up 3 times - I have only logged in once, through the GUI and no extra access routes
View 6 Replies
View Related
Mar 15, 2010
I had 2 accounts on a single system. Other users are able to see my data. how to stop other users to access my personal data.
View 8 Replies
View Related
Jun 18, 2011
I have a Virtual Private Server which I can connect to using SSH with my root account, being able to execute any linux command and access all the disk area, obviously.
I would like to create another user account, which would be able to access this server using SSH too, but only to a certain directory, for example /var/www/example.com/
For example, imagine this user has a HUGE error.log file (500 MB) located in /var/www/example.com/logs/error.log
When accessing this file using FTP, this user needs to download 500 MB to view the last lines of the log, but I'd like him to be able to execute something like this:
Therefore I need him to be able to access the server using SSH, but I don't want to grant him access to all server areas.
View 2 Replies
View Related
Oct 24, 2010
I want to create a limited user, such that the user should only have the access to usb drives, cd drives and internet. And also I want to restrict the user from deleting the files from the system. How to do it..?
View 5 Replies
View Related
Mar 13, 2009
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
View 2 Replies
View Related
Jun 4, 2009
Currently working on the targeted policy, I need a help in doing the following things as quick as possible:
1- How to create a totally new SELinux user (not mapping new linux user to SELinux user) I want a new user with no roles or with a maximum of 1 role. I also need how to compile the new user so I can used it for mapping users. At the time, I've tried creating a new file inside /etc/selinux/targeted/contexts/users similar to the other users inside this directory, but it did not actually seem to appear when using the command semanage to list SELinux users : semanage user -l
2- How to create a totally new SELinux role (empty for now) ? and how to make the relation between this new role and domains or types.
3- How to create new domain, actually following some old instructions I created the .fc and .te files, but not the .if file, which is more complicated than the other 2 file.
View 10 Replies
View Related
May 16, 2010
I need to create such an account that the user wouldn't be able to r/w any file which doesn't belong to it, even if access mode is set to o+rw. I guess normal chmod/chown won't help here... How can i do this?
View 2 Replies
View Related
Jun 30, 2010
I configured a FTP Server on Fedora Now I want to create a user for FTP Server which has no privileges to access any things outside his home directory .
Username is "Test1"
Home directory is /var/ftp/Test1
chmod 700 /var/ftp/Test1
chown Test1 /var/ftp/Test1
View 1 Replies
View Related
Aug 7, 2009
I need to create an SSH user that can only access the directory I would specify for them. For example, I've been able to execute the following:
useradd -d /home/me/directory_for_this_user someuser
So when someuser logs in they get into this directory. Problem is that once they log in they can simply execute:
cd /
and navigate through all other directories which is a security risk.
How I could limit someuser's access to only /home/me/directory_for_this_user and its subdirectories and nowhere else in the system?
View 1 Replies
View Related
Mar 2, 2010
I am trying to set up Ubuntu like I had on my windows PC. I have my account, my wifes account and my kids account. I want passwords set for both myself and my wife but I don't want the kids to be required to have a password to log in. When setting up Ubuntu, it looks like it was all or none. I have dabbled with Linux off and on for years and am sure there is a way to set this up but I have no idea how.
View 8 Replies
View Related
Feb 8, 2011
So, I am looking to implement an FTP server with Isolated Client accounts/directories where a client can only access what's in their directory. I also need to provide my internal user's (content managers) the ability to upload, delete, etc from all of the Client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoke/restrict shell/ssh access and maybe even slap on some ACL to prevent botched permissions.The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.
My first thought was to put all of the client user-groups in a parent group and having my internal users inherit group permissions..but you can't have groups inside of groups.My second thought was to put all of the client users in the same group and prey that the FTP chroot is enough to keep them from poking around but then I have the problem of how do my internal users access other user directories if they are chrooted. Do I create a second server without chroot.do I create some weird nested homedir structure..I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise open, LDAP, etc and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.
View 1 Replies
View Related
Jun 26, 2009
Im trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
A piece of my config:
Code:
View 4 Replies
View Related
Sep 28, 2010
What is the command I need to create a new user and give the user only permission to a single folder via ftp?
View 3 Replies
View Related
Jun 7, 2011
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
View 9 Replies
View Related
Dec 22, 2009
I have Fedora 10 installed. I want my users to be able to use any password they want. So I edited /etc/pam.d/system-auth, the password section.
Was:
Code:
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
Become:
[Code].....
View 2 Replies
View Related
