Ubuntu Security :: Changed Password Now Can't Logni?
Apr 10, 2010
I'm running 64-bit Ubuntu Karmic, Encrypted HDD.I changed my login passwordwhen i try to boot i click on my name and type in my new password i have 'authentication fail' when i type in my old password this happens"could not update ICEauthority file /home/chris/ICEauthority""Their is a problem with the configuration server. (/usr/lib/libconf2-4/gconf-sanity-check-2) exited with status 256""Nautilus could not create the following required folders/Home/chris/Desktop,/home/chris/.nautilusBefore running nautilus, please create these folders, or set permissions such that nautilus can create them."
Protect against root password change[Log in to get rid of this advertisement]I have recently had to force a change of the root password on a linux box I was running. It was a test system which I had not used in a while, so I forgot the root password (not so smart).Anyway, I found that it was amazingly easy to reset the root password. Here is a straight forward article on how to do it.URL...
My question is: how can you protect against this? I see this as a security hole.I understand that the user must have physical access to the computer, but if I want to lock the system down so you cannot easily enter single user mode or the root password cannot be changed.
I just changed my password now every time I start my computer the keyring wants my old password and it keeps doing weird things even after I type it in. Like Ubuntu will say No keyring found or something to that effect anyway.
When I set up an ID in Ubuntu, I encrypted it. I did a print screen of the passphrase and put it on the desktop. I'm just learning how to use the encryption so don't fault me for putting it right on the desktop. There is no important data in this ID. Now, I went and changed my password to the account. On the next boot, I got a few error message:
Could not update ICEauthority file /home/mickymouse/.ICEauthority
There is a problem with the configuration server /usr/lib/libconf2-4/gconf-sanity-check-2 exited with status 256 In researching these, it looks like the problem is that I changed the password but didn't update (or something) my passphrase.
I can't boot into the GUI but I have figured out how to boot to a command prompt. I don't have access to my home directory because I don't have my passphrase. Am I toast or is there a way to recover / update the passphrase?
I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server
Using thunderbird for email, as several users of this computer have individual preferences. Worked in 10.10 and previous. Upgraded to 11.04 this morning, had to install from CD due to my mistake. Changed computer name too. No worries, have done this before. Added new account to Thunderbird. Copied over mail folders too. Application is good to go. However, when checking email now get reply from server that password is invalid. Checked all account settings within T-Bird but cannot locate password setttings for this server/account. Appears to use something called STARTTLS. How to access this store of passwords?
I just upgraded to ubuntu 10.04 via the alternate cd ISO image. I can log in to Ubuntu with my old password but sometimes, when i have to grant extra privileges, that same password doesn't work. I also get a small message saying the pass word I use to loging and the one used for 'keyring' are different. what's wrong? Is there any way I can correct this?
what can I do if I changed my ubuntu password and cant remember what it is?I only have 1 user on my system - me, and I changed the password today, thinking it was obvious to remember my new password, but I cant remember it exactly
everytime i try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely.how do i change my keyring password to match my login password?
I know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
Vmware tells me it cannot start services.I believe the issue is tied to permissions because the message indicated the log with the full details was located in /tmp/vmware-root/setup-4772.log but when I go there I receive a message telling me I do not have permission to the directory and there's a lock symbol on the directory from the File Browser utility.What do I need to do to unlock the folder and get vmware working again ?
How can I force passwd to use a simple password?I want to change my passwd & delete passwd history (if stored).I plan on creating a Virtual Appliance that uses another password besides my testing password.
So for ive changed the dns on my home router to Opendns and ive added this What does a dns attack look like? how would i know is my dns was poisoned or if i was under a kaminsky style attack?
Just want to stealth ports on my laptop. Had problems with firestarter when I installed in on 10.10. Set Firestater back to defaults and then dumped it with:
Code: sudo apt-get purge firestarter Set up Gufw to defaults and now am not sure what I am seeing with iptables. iptables -L shows .....
Do these settings look correct for default settings for Gufw? or do I still have some problems with the old firestarter settings not being removed. All I want is all ports stealthed. I know that ping is enabled but I believe that is a default setting in ufw. Could I restore iptables to default with:
Code: sudo iptables -F and then enable Gufw and set default?
I need to create a script that returns a list of the users who have never changed their password from /etc/shadow. As I know on linux there is a command "chage" used for find last password change.
I am running a Fedora 10 Virtual Server and get have a feeling I have been hacked. I needed to fix a source file that I had definately not changed myself. It was a PHP file concerned with usernames and passwords so that made me even more suspicious. I have been investigating and found the following. If you need other information give me the command I should run and I will update, I am no expert in this area and use the server to host my website and SVN. I am the only person that has access to the server.
Code: # lsof -u nobody COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
I have a database created by an older program (not Access) that I need to open and retrieve information for my business. The manufacturer put a password on there so that only it's program could open it. I do not use that program, but it has information I need. Is there a way to find that password or circumvent the password altogether?
I am having following problem. If I try to change my SMB password, it throws following error >
Quote: ~>smbpasswd Old SMB password: New SMB password: Retype new SMB password: Server did not provide 'target information', required for NTLMv2 rpc_pipe_bind: rpc_send_auth_reply failed. machine 127.0.0.1 does not support SAMR connections, but LANMAN password changed are disabled Failed to change password for user1
For the second time in a week, I have set up an unmanaged CentOS 5.5 Storm Server at StormOnDemand, only to discover a ton of unauthorized changes to binaries (updated file checksums and sizes) on the server shortly thereafter.The time stamps do NOT change.If the time stamps did change, I would be hunting down ahat was doing some auto-updates. But the time stamps are not changing.This leads me to believe that either these servers are suffering from:1. A virus or hacker is compromising the box.2. system corruption.3. Something else? To eliminate the possibility of number 1, I toasted the first server and started over with a new server and enabled their firewall from the start to only allow access for two IPs via SSH... my IP and my biz partner's.
Then, one of the first things we installed was a system we created that maintains a snapshot of most directories on the system so that it can be used to watch the live directories for changes. At 4:07am (server time) this morning, we received notice from this system that a massive number of files had changed in these directories. Again, no file time stamps changed.So, my question is this... is there any legitimate reason in a fairly standard CentOS 5.5 install that would cause so many files to change?
1: I changed some settings in "local security", about file permits or something, and now I can't run Yast to fix it, not even see it. Neither can I add or remove any software. And the ugliest part is that I can't even shut down the pc. It pops up a shaking error message about authentication stuff. How do I fix this?
2: It also throws en exception whenever I try to install my monitor's driver, a HannsG, which is an .exe file. I was told I should run .exe files through Wine, but this wont work either. Is there another -and more appropriate- way to execute this files?
I'm new to ubuntu. Now iam using Karmic Koala. I want to change my password. So i used,
system->Administration->users and groups to change my password . As i entered my new password and clicked on 'Change Password', It is saying, 'password changed'. But when I click the close button in the main users and groups window, it is asking for my password, and I am forced to enter my old password only.
After the window is closed, i logout to check whether my password is changed. But it is not. I have to enter my old password to login.
i set my pass on ubuntu 10.4 and it work so good on installing app but suddenly it stopped working i thought i would restart my pc i tried to inter my pass again ubuntu don't accept it although it's surely true
I had this great idea to try and change the UBUNTU password. So I took not so drastic effort..I went to System>Administration>Users and Groups. There I clicked on my login name.Clicked on Properties and used the Change Password Button to Change my login password. I did that. [I thought this is the way to change the login password]. After that as usual I tried to launch the Empathy! It started asking me about some Keyring password! I gave my new password and it worked. Now, the weirdness of the issue is that..
1)If I want to login to UBUNTU..I have to give the Old Password [The password which I gave when installing Ubuntu;as if the password change has not come into affect] oO mount..I have to give old password To update I have to give old password. But! 2)To get my things done in Empathy..that is to get the Keyring Challenge done! I have to give the new password and old password does not work here.
I want to stop empathy from asking me about the KEYRING thing. Roll back the system to the previous state; before the password change thing. What exactly went wrong or right? and What is really happening to my system. I mean things are all normal, so far..but why the two passwords? I dont use any heavy things on my machine..just a bit of browsing and Empathy..thats all.and only the default applications are installed on my machine. I use Ubuntu Karmic 9.10.
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
