Security :: Force Password To 15 Characters On A Selected Accounts?
Apr 5, 2010
I would like to restrict a few selected accounts to minimum of 15 characters passwords. Other accounts,however, should still be able to login with 8 character passwords. This is in RHEL 5. Does anyone know how to go about it? I have checked PAM documentation and pam_cracklib.so has an option minlen. As per its documentation, minlen can force users to use 15 characters, but it forces every account on the system. I might be wrong too.
View 5 Replies
ADVERTISEMENT
Mar 24, 2010
I need a little insight, and I�m not sure if the two can relate, but I am trying to find out the following.
When generating WEP Keys the available bits are: 64/128/152/256; however, you need 5/13/16/29 character respectfully for each key if you generate the key manually.Can this formula be applied to passwords and the length of the password? For example: if my password had 29 characters, could I say that my password is 256-bits?
View 9 Replies
View Related
Mar 16, 2011
I have now been trying to find an answer for the following for a while and can't seem to get anything.On previous linux distros we had the option available "passwd -e" which allowed us to force the user to change their passwords upon the next login.s functionality however seems to be excluded from latest linux distros (currently using RHEL 5.4)...Does anybody know how the same effect can be achieved and perhaps any idea on why this option was removed as it was great for securing passwords
View 5 Replies
View Related
Jan 8, 2010
hello i am trying to change my password, but when i type in the new password i get this:"The password is longer than 8 characters. On some systems, this can cause problems. You can truncate the password to 8 characters, or leave it as it is."my question is what kind of problem could i get and how can i change so i have to log in every time i start the computer?
View 9 Replies
View Related
Mar 9, 2010
I'm really new to Linux so this will probably sound like a pretty naive question to most users, but how do you change the root password?To install Java, I have to type # su into Terminal,which then asks for the password.What's weird is that when I start typing a password, no characters show up. I don't know if this is supposed to happen or not.I've found a bunch of different sites on the Internet that explain how to change the root password, but none of them seem to work for my specific work station.
I've got Ubuntu 9.10 64 bit. In the GRUB boot menu, I can choose to boot normal or in recovery mode (I'm led to believe older versions don't have this option).I've tried typing # sudo passwrd into Terminal, but I already have a root password set up apparently, so I can't change it there.
View 4 Replies
View Related
Feb 23, 2010
I have a requirement to set up linux system administrator password with respect to below guidelines... I was lookin at pam_passwdqc but not sure that it all the below mentioned criterias to be acheieved.. Please go thru the below criteria and let me know which utility should i use for it.
1 The password length must be at least 16 characters long.
2 The password must be different from the previous 20 passwords.# Not sure how to acheieve this
3 The password must be changed every 60 days.
4 The password must be different from the user ID. It must not contain any derivatives of the User ID. ]# Not sure how to acheieve this
5 The password must contain characters from 3 of the following 4 classes:
5.1 Upper Case
5.2 Lower Case
5.3 Numerals
5.4 Special Characters (for example: #, $, &, ].....)
View 1 Replies
View Related
Feb 9, 2010
Not sure if this goes here or under Security, however, I have hacked together some code from two different sources to make a password generator for FTP accounts.Question: How will the "strength" of an eight character password generated by the following code compare to a human generated eight character password? Will they be equally as strong?Is reading from /dev/urandom good/better/worse then just using RANDOM()? Will "salting" either result add more "strength"?Password Generator.
[Code]...
View 11 Replies
View Related
Feb 19, 2010
Is it possible to completely disable the password change for users accounts in linux?? (I don't mind account lock)
View 2 Replies
View Related
May 12, 2011
I am using CentOS 5.6 and recently, well since I updated to 5.6 when I login through ssh/telnet I am prompted to change the password of any account which is my LDAP directory. Local accounts are unaffected. I haven't tried the console as this server is tucked away in a tiny room. This is really annoying because I don't want to run password expiry on that server and I'm sure that there's nothing in LDAP to indicate password expiry is on. My shadowmax is 9999 by default for every account..which is over 27 years I think. It's only started recently. I'd like to know how I can turn the expiry message off. I'd like to get rid of cracklib as well.
my etc/pam.d/sshd is
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
View 6 Replies
View Related
May 17, 2010
I use gnome password manager. It stores encrypted passwords in the ~/.gpass directory.I have 2 users, johnny, and audio. My default gpass setup is at /home/johnny/.gpass I've created a group called gpassusers and added johnny and audio. I chgrp'd /home/johnny/.gpass to gpassusers. I chmod'd /home/johnny/.gpass 770 (to give group access) I then created a symlink as follows
Code:
ln -s /home/johnny/.gpass /home/audio/.gpass
when I try to cd into /home/audio/.gpass I get
Code:
audio@picard:~$ cd .gpass
bash: cd: .gpass: Permission denied
for sanity's sake, here's the ls of johnny's home directory
Code:
drwxrwx--- 2 johnny gpassusers 4096 2010-05-17 19:34 .gpass
and here's the ls of audio's home directory
Code:
lrwxrwxrwx 1 audio audio 19 2010-05-17 19:34 .gpass -> /home/johnny/.gpass
and just to verify groups are set up properly
Code:
audio@picard:~$ groups audio
audio : audio adm dialout fax cdrom floppy tape dip video plugdev fuse admin gpassusers
audio@picard:~$ groups johnny
[code]....
View 5 Replies
View Related
May 17, 2010
I have upgraded to Lucid, but was having the same issues on Karmic. I made a 2nd user acct we'll call X and we'll call the original acct Y. All of these issues only happened after creating X.
On X I have: sound Things wrong with X: I don't have the ability to modify any folders (even ones that are made from X's acct), I can't change the password or even access the Users and Groups, I can't modify any browser settings in Firefox but can on Chromium, the option for wireless is completely gone
On Y I have: the ability to access users and groups, the ability to modify all folders on either acct, the ability to change any settings on anything Things wrong with Y: no sound (doesn't even show the driver, but the driver is there on X's acct), wireless is completely gone (just like X's acct), even though I can access Users and Groups I cannot modify anything about X's acct
My first thought was to completely delete X since that's when all the problems began, but I'm afraid that since X seems to have "stolen" my sound card, that will be lost forever. I am also afraid that since neither account has wireless deleting X might hinder ever getting it back.
View 1 Replies
View Related
Apr 8, 2009
I have a windows 2003 active directory and dansguardian transparent web filter. I want that dansguardian filters according by whom is logged on the workstation. Can this be possible?
View 2 Replies
View Related
Jul 18, 2010
i am new to linux and i nid a bash script to Delete selected backup files and also restore selected backup file to a user define directory.
View 3 Replies
View Related
Oct 3, 2009
I have a multi-user machine with several network interfaces (Ethernet, if that matters). I wish to grant selected users, or groups, full access to selected network interfaces (including ability to adjust IP address and to bind to low ports, but *only* on those interfaces). It is important to me that an user/group does not such full control over other interfaces. Granting partial, or temporary, root permissions is OK; it's a friendly environment.How do I go about it?System: Linux 2.6.recent; usual Debian setup (can be adjusted if needed).
View 2 Replies
View Related
Mar 22, 2009
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
View 2 Replies
View Related
Nov 20, 2009
fedora 10 and im trying to set up some user accounts on a computer. My current problem is that we set up 2 root accounts and we need both to be able to authenticate. So far this works on the command line but whenever i'm on the GUI it seems that it only allows root to give its password for things. How do i enable the second account to do that as well.as a note, i am doing this for someone else so i have little to no control how this is set up, so please, i am not looking for reasons why this is not a good idea i would just like to figure this out
View 2 Replies
View Related
Feb 21, 2011
I am looking at creating two user accounts for "contract system admins"..These guys will be performing sys admin duties for a sever -- however, I am still concerned about security of data. For example, the server contains password information for our database, etc.Besides making them sign an NDA, etc. what other security mechanisms could I put in place to ensure that they don't just go buck wild. For example, when someone makes a sudo command, is this logged?
what are some recommendations for general security practices?
View 1 Replies
View Related
Mar 3, 2010
I want to use AD sys accounts to logon to linux servers. What is the best and most secure way to do this. This because we want to ensure it is tracable when a server administrator makes changes to a linux server. Now we use root to make changes to the servers.
View 13 Replies
View Related
Oct 29, 2010
I'm trying to change the password for an account using the passwd command in Linux. However I'm getting the error:
"BAD PASSWORD: it does not contain enough DIFFERENT characters"
Even though the passwords I'm trying seem pretty safe and complicated enough to me. I googled and think this is controlled by something called cracklib? Don't know for sure though. How can I change the settings for this, perhaps lowering the amount of different characters required, or disabling whatever security setting is causing this error?
View 4 Replies
View Related
Feb 7, 2010
In Ubuntu 9.10 is there a way of setting the password to only three characters.If one goes to system, Preferences, About Me, the password can be reset, but it only lets you set it to eight characters, I would prefer three or less.
View 5 Replies
View Related
Sep 25, 2009
way to automate adding and removing users from 10 different Fedora 7 servers. We use them as print servers and our users have a user name and password to authenticate with when printing. We also use Samba to talk to a W2k3 server that tracks and charges the users for what they print. The set up was done by a vendor and after 6 months of being in production the scripts they created has flaws.
I need a way for a script to run as often as possible that will remove, change, or delete user accounts from the servers and from Samba. how to most effectively achieve this?
It would be ideal to have a file that gets written to when a change needs to be made then a script to make these changes?
View 1 Replies
View Related
Jan 1, 2011
My Linux is Fedora release 13. I found there are a few users created not by me. I am not sure if the system got hacked somehow. Then the hackers created these users, i.e. (1) oracle, (2) exim, (3) test, (4) cox. I tried to delete all of these four users by using "usrdel" command but the system said "I cannot delete these users as the users are logging in". If my system got hacked ?? or these users are created by the system itself?
View 8 Replies
View Related
Sep 8, 2010
I recently received an email from a friend without subject and just a link. Since we do that a lot, I clicked on it. I was taking to a website that looks like a phishing site and my computer hard drive started working feverishly. I closed it quickly.
First, I want you guys to be aware of this thing since it seems to be fairly new.
Second, I want to know if I have been compromised. I already changed the password on my gmail account and I accessed the site using Ubuntu and Firefox.
View 3 Replies
View Related
Nov 26, 2010
allow sftp access to my Ubuntu system (happens to be desktop as it's also my main system) using accounts that are not able to login normally. (I have already managed to create such accounts.) These accounts need to be chrooted (also already accomplished with the openssh daemon settings.) Where I run into problems is that I want to give them (read only) access to files outside the chroot (on another partition in fact) and the matter if made more difficult because the directories to be shared are on NTFS-3G partitions (as they are a shared linux / windows storage drive). Is this possible and if so, what do I need to do?
Edit - Forgot to include versions
Ubuntu 10.10
openssh 1.5.5p1-4ubuntu4 (the one that comes with 10.10)
View 9 Replies
View Related
Jun 8, 2010
I am trying to disable accounts after 5 unsuccessful login attempts. I am following the guidelines in this article:
[URL]
This is on an Oracle Enterprise 5.4 box, which is essentially RHEL 5.4 Here is what my /etc/pam.d/system-auth looks like:
--------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
[code]....
Unfortunately, the account does not seem to be locked or disabled. As root, runninng 'su test2 -c <some-command>' always sucessfully runs <some-command>, and leaves the failed attempt count at 6. /etc/shadow does not have an * or ! anywhere in the encrypted password for the 'test1' user.
What am I doing wrong? I thought that with the max attempts set to 0 in faillog, that the deny= parameter would be used. I thought I should be using su <user> -c <command> from the root account to test if the disable feature is working.
View 1 Replies
View Related
Oct 19, 2010
I just downloaded Thunderbird 3.1.4 and I think I found a security hole.
Whenever I open Thunderbird, it does not ask me to authenticate my account (not asking for a password)
Is this a bug/security hole or something?
How can I force Thunderbird to ask me for my gmail password at startup?
Oh!!! and where can I report this security hole?
View 8 Replies
View Related
May 12, 2010
Once again, nobody seems to understand security properly when they decide to add nifty new features. After upgrading to 10.04 from 9.10, I now have a listing of all the user accounts under "Switch from" when I go the the logout menu at the upper right side of the task bar. This is a terrible security hole that should never have been allowed in the first place, and is just as annoying as the default behavior of listing all the user accounts on the login screen.
View 5 Replies
View Related
Mar 1, 2011
We have 4 servers having rhel 5.2. We have several users logged in on one of them. We have nis server/client running on them and have common home area mounted on all of them. Now we want to disable/block the accounts of the users who have not accessed our servers in last 2 months from today.What logic should we apply to do so? We were checking stat of .bashrc of each user but is not correct logic. We are going to write shell script for the same. We dont want to do anything in users home area or their files.
View 11 Replies
View Related
May 4, 2010
This is mostly an FYI. I have been messing around with an old desktop to see what I could do.
I installed an image of XP, then tried installing Ubuntu. I chose the option to install along side XP, and adjusted the partition size. The install gets to the point where I create my password, and I get exactly 4 characters entered in the first password field and it freezes. It did the same thing on two consecutive installation attempts.
View 4 Replies
View Related
Oct 18, 2009
I am using openDNS on my current Linux box and I was wondering if their is a way to force the DNS settings to stay the same even if ROOT tries to change it (since my dad wants content filtering password protected and I still want my computers root access...)
View 2 Replies
View Related
