I have to change the CHARACTER_CLASS in login.defs so that user accounts accept a number at the start. This is all fine and well with useradd, login etc. but gdm and kdm refuse to adhere to these settings. How do I change it or is there some PAM setting I have got to tinker with?
View 2 RepliesI have to change the CHARACTER_CLASS in login.defs so that user accounts accept a number at the start. This is all fine and well with useradd, login etc. but gdm and kdm refuse to adhere to these settings. How do I change it or is there some PAM setting I have got to tinker with?
View 1 Replies View RelatedI edit /etc/login.defs so it change the mail directory:
Before changes:
Code:
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
After changes:
Code:
#MAIL_DIR /var/spool/mail
MAIL_FILE .mail
But when i create new users there is no .mail file in their home folder
I edit /etc/login.defs so it change the mail directory:
Before changes:
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies View Relatedi updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.
And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.
just migrated to Lucid from Jaunty and noticed that the login startup screen looks more like windoze (shows all authorized users).One of the endearing security checks with Unix was that if you had access to a console you had guess both userid AND password - the system wouldn't tell you which was wrong.I feel that we have lowered security by making the list of authorized users visible on a console. Is there any way to turn it off and force users to enter both userid and password?
View 4 Replies View RelatedWhenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies View RelatedI had a bit of a play with the pam-usb module today and thought it was very interesting. I can now log in to my computer using my SD card, which is pretty cool.I was wondering if it would be possible to make it such that the ONLY way to authenticate would be by means of this SD card. I realise that this probably isn't the wisest idea ever and I would be better off generating a really long, really complicated password and storing it away somewhere safe for when I lose my SD card (because it would happen).
View 1 Replies View RelatedYesterday, I updated my system with the latest security update and other software updates. Following the update, I am not able to log into the system after restart.As usual, I was prompted with the login page which looks as per normal. I chose my login id and entered my password. It brings me briefly to my desktop showing only my wallpaper (without any upper and bottom taskbars/panels). Then the screen went blank and the login page appeared again.I entered the login id and password, was shown the desktop wallpaper, screen went blank and the login page appeared. This continues over and over and over. After multiple tries and with some luck, I am able to log in as per normal.What seems to be the problem?
1. How do I check the system for errors?
2. How do I check which update has been updated?
3. Is there any way for me to restore to its original state (I migrated from FC10 to FC11 via yum update)?
The only other change apart from the security update is that I installed wine - which has been uninstalled the moment I was able to re-logged in.I attach the details of my grub.conf file below which I hope could be of some useful info.
I have had two instances recently where I was unable to log in to my computer with uid 500, but I could log in as root. In the first case, I could log in as user 500 to virtual terminals (ctrl-alt-F2, etc) but I could not log in to X. I found that, in the file /etc/pam.d/password-auth-acthere was an extra line that read"accountrequiredpam.access.so"I did not put that line there. When I removed the line, I could log in fine.In the other case, I could log in as user 500 to X, but could not log in to virtual terminals as user 500 (but could as root). I found that, in the file/etc/pam.d/system-auth-acThere was the same extra line as above. And again, I did not put it there, but when I removed it the problem was solved and I could log in to virtual terminals as user 500.I would like to find out, step by step, what happens when I enter my username and password in either a virtual terminal or in X. The login info must be passed to something that checks some files and then lets me in or not. How does that work?
View 1 Replies View RelatedI'm having trouble logging in with SSH using RSA keys.
client: Karmic
server: FreeNAS (FreeBSD) ip: 192.168.0.100
I generated RSA keys on Karmic, added the id_rsa.pub to the authorized_keys file on FreeNAS, then removed the id_rsa.pub from Karmic (this is a poorly documented but necessary step I learned).My Karmic username is shawn, FreeNAS username is shawnboy.from Karmic it prompts me for my RSA key passphrase which it should do, but after I enter it, it fails and moves on to prompt me for my password. I know this isn't a FreeNAS forum, but this works perfectly using Putty SSH with RSA keys on Windows XP, so I figure it's more appropriate to ask here than in FreeNAS forums.
I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....
View 2 Replies View RelatedI was under the impression the Linux (in my case the Fedora OS) is very secure. However I've learnt with deep concern that that one can have access to the system during system startup i.e one can give various startup directives and bypass the normal login UI to have direct root access.
Is there a way to disble this so that the directives during startup are fixed and cannot be altered. I would like to make the system secure to the maximum extent possible.
Need to restrict cvs login from specific IPs
in file /etc/security/access.conf
+ : builduser : 10.200.2.1
Do not work
when changed to ALL as below it works
+ : builduser : ALL
Running this software:
Linux 2.6 on a hacked LaCie NetworkSpace
installed SSHd 5.4
installed Samba 3.4
installed lighttpd 1.4
installed ProFTPD 1.3
I want:
Login with my account and same password on all of those. When i use passwd, the change should be reflected on all of them.
I have:
Samba uses encrypted passwords, and i must change passwords for samba with smbpasswd.
lighttpd uses separate password file, must change by hand.
ProFTPD and SSH use system login (/etc/shadow).
So far i found two possible solutions, but can't tell if i understood them right or how to achieve them: use LDAP as auth backend If i could make LDAP my auth backend, provided this is possible at all, lighttpd would use this directly, and PAM would use it for system login. Nevertheless, actually this can't work as Samba uses encrypted passwords. Correct? use Samba password backend, then make LDAP use that If passwd, login, etc would use Samba, i would work everywhere with MD4 hashed stuff. Lighttpd would send plain passwords (HTTP basic auth), and query LDAP, which in turn makes an MD4 hash, and tests for Sambas passwd. Will this work?
I installed linux system into a USB stick, but it never asks me to enter login password (i am the default user "root") when booting. I checked the settings in "User and Group" panel, and found everything there is OK. What additional settings should I make to this problem?
View 4 Replies View RelatedI know this is probably easy and if I only took a while to figure it out maybe I could but I have some stuff that needs to happen soon and I can't figure this out. I was wondering how I could have a log monitor that would email me whenever someone tries to login over ssh to my system. I'm open to everything daemons/scripts or cron itl works as I am not running a production server (but I might be starting that soon). Oh and just a side how do I get sent an email when I get port scanned
View 6 Replies View RelatedI just installed Fedora 10 on my laptop 2 days ago. I dont seem to remember the password i userd for my username. Is there a way to reset or change the password? I cannot login to the system.
View 4 Replies View RelatedI'm migrating my file server from Fedora 9 to Fedora 11 (clean install), and I'm having a horrendous time trying to get key based SSH logins working. I've set it up before, and I can't figure out why it won't work now. I copied my public key into ~/.ssh/authorized_keys2 and set the folder permissions for 700 and the file permissions for 600. Then I restarted sshd. Now unless I remember wrong I thought that's all you have to do. It didn't work. So I rebooted just for good measure. Still didn't work. So I made sure that my client was still sane. I can log into my OpenBSD machine just fine. I compared the sshd_config from OpenBSD to the Fedora one, and the options seem pretty close.
At that point I had nothing to lose and just started messing with the Fedora sshd_config. I also noticed in the config that the commented AuthorizedKeys file had dropped the 2 off the end, so I tried changing that as well. Still nothing. Password based logins work, but I really don't want to go that route. Now I can only think of two possibilities. One, some sshd_config setting is wrong and I don't know what it is. Two, there's some package that's required for key based logins that I accidentally unchecked during the install process. That's about all I can come up with. Here's my sshd_config, I tried to just set everything back to default.
Code:
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2 .....
I have a problem, I have installed Fedora 11. And i need to login as root user.
How to do so?
I have a server box behind my ISP router at home, and I need to allow ssh access to my server. My ISP router doesn't let me allow selectively ssh from some IP. It allows ssh to everyone.
I have fedora10 and openssh-server-5.1p1-3. How can I configure openssh to allow just from 1 IP?
Does it use xinetd at all and the hosts.allow and .deny mechanism?
got this message during my login to my ISP webpage broadband , this first time i got thisQuote:
You have asked Firefox to connect
securely to ******, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
[code]....
I'm trying to secure a workstation according to the DISA STIG and updated this machine from f10 to f12 to take care of a lot of kernel and openssl vulnerabilities.
I've gone into the Login Manager by running /usr/bin/kcmshell4 kdm --lang en_US as root, turned off themed greeter to enable the Dialog tab and inserted the login banner in the Greeting field. I checked the Xresources file in both /etc/kde/kdm and /etc/X11/xdm and the xlogin*greeting: field has my banner.
However when I restart the machine I am not prompted by the banner and when I select a user I am not prompted by the banner.
I'm not sure if this could be the issue but I get errors when launching kcmshell4:
Quote:
I have to sudo -s from the user with uid 1003 to root. does this need to be run from real root?
I need to create a number of internal Linux users for admin purposes. I do not want these users to appear on the initial console login page just after Fedora boots up, as users who can attempt to log in, and I do not want to allow these users to log in directly. I merely want these users to be accessed via su, just like the root user.
View 2 Replies View RelatedAfter entering the gdm I'm being asked "Would you like to enter a Security Context [N]?" during login. I've had a look around online but can find nothing final about this.
View 1 Replies View RelatedI have a text based game installed on a Linux server, and I would like to allow logins on that server via SSH, but with restrictions.The login should go directly to the game which reads keyboard input from stdin. If the game quits the user should be immediately disconnected from the server. Alternately, if the user logs in there should only be one command available to the user, the game.I have thought about using a web based interface to the game, but there is something about playing the game in a terminal that just feels right.Please don't reply with "this is a bad idea..." or its variants because that is an easy out. I just want to know if anyone knows of a solution.
View 2 Replies View RelatedI have seen that you can use PAM modules or recompiled versions of sshd to authenticate with a RSA SecurID token. But - they are kind of expensive to use at home.Would�nt it be great if you could use the Blizzard authenticator instead ? Its cheap and easy for home users to get their hands on !Link to the Blizzard authenticator Im refering to :
[URL]
How can I set up snort to only log and detect/capture logins using root or any of the "homeusers" login accounts or names?
View 9 Replies View Related