Is there a way to use kerberos (or baring that a trusted CA) to allow users to ssh across machines in an environment isntead of having to manage the hash keys per user/server? I'm using kerberos+ldap to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.
Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.
I wanted to disable root logins in console, so I searched for that. I found that if I change root's bash to "/sbin/nologin" in "/etc/passwd", root user will not be able to login. So I did that. But when I wanted to use sudo command, it didn't show me root bash, but it only do the same thing as logging in as root in single user mode (shows message that this account is disabled). So, how I can disable root logins, but keep enabled sudo command for standard users?
I'm planning to centralize users and passwords and also create controls for user access to some equipment, for example, Linux Servers, Switches, routers and firewalls. In case of failure of the link between the ACS and AD or equipment to the ACS, this device would use local username and password.
At the moment, my AD structure is a Microsoft, Cisco ACS servers and Linux Standalone. I wish that both linuxs servers and network equipment were authorized by Cisco ACS on the accounts that are in Microsoft AD.
The configuration of the Cisco ACS to use the AD is done and no problems, the network equipment is OK too, but am having difficulties configuring the server for this solution.
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
I am trying to set up Ubuntu like I had on my windows PC. I have my account, my wifes account and my kids account. I want passwords set for both myself and my wife but I don't want the kids to be required to have a password to log in. When setting up Ubuntu, it looks like it was all or none. I have dabbled with Linux off and on for years and am sure there is a way to set this up but I have no idea how.
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
I upgraded from 10.10 to 11.04 (32 bit) with a clean install as the "upgrade" option in update manager failed. I'm setting up the system again and want to restore the backup I took prior to upgrading, however due to the upgrade I don't want to just re install everything. The following have been backed up
/etc /home /usr/local /var
Now there are various things that are different such as firefox 3.x has become firefox 4 Open office is gone, long live LibreOffice, my proprietary Nvidia drivers don't seem to be trusted yet, all the repositories will be different etc. I will re install all the applications fresh from the software centre, but I would like to restore all the users and passwords and their home directories,
So I don't I want to restore /etc or /usr/local en masse. I guess /var is not worth restoring either /home gets me their files but how do I restore the users and passwords? (there are about 8 registered users some of whom have different privileges) and the user ID need to be the same as they all access a NAS through nfs)
I'm configuring a CentOS 5.4 workstation. I have been able to apply most of the security that is required. I have met all but one logging requirement. How do you get the count of old passwords associated with users? I don't need to see their passwords just how many times they have changed them. I have set remember to 24 in the /etc/pam.d/system-auth file. I don't know where the file is that contains this information.
I am having some trouble logging into my machine: it seems to not accept my password. I am fairly sure I am typing it correctly. I can work around it easily enough by logging into the console and changing the password, but it is annoying.
I have an old server running CentOS 5. The encription method used was the default MD5 for the shadow file. I would like to migrate the server to Debian Squeeze which uses SHA512. I have already copied the passwd, group and shadow file with the user accounts information but the Debian machine doesn't let the users login. I have already looked in the pam files to make it accept the MD5 encryption without any luck. how can i migrate the users without resetting their passwords?
I am using squid + dansguardian for web and content filtering. And it is working fine. I am forcing users to use proxy through browser configuration. Now I am planning to add another layer to controlling access using ncsa_auth program. I know it is not the most secured but I am fine with it. Plain passwords are fine with me.
I will be giving users some default passwords but I want some program for allowing users to change the passwords for the respective users if they want. Is there any perl script or something web based for the purpose that anyone is using or know of?
I have inherited a RedHat 5.4 server that is having an odd issue. Root and all of the user accounts can log in via SSH. Not a single account can log in via the console (sitting in front of the server). If I bring it up in single user made, I can log in with root all day long.
I want to say that this has something to do with PAM, but this is when I play my "Noob" card. Could anyone possibly steer me in the right direction to figure out what is going on?
On other editions of ubuntu server I had no problem saving multiple users and passwords with htdigest but now it seems it is only possible to save one user and password. Code: sudo htdigest -c /etc/apache2/passwords directory user When I add a second username and password for the same directory it overwrites the first.
I have installed the new phpMyadmin3.4.1 on a server running Ubuntu 9.10 with apache and mysql. It runs on php5.2.10The apache config seems fine as the virtual directory that I configured works fine. http://<ip-of-server>/phpmyadminlink works. The home page is displayed. But when I enter the user name and password, instead of logging into the console, it again redirects me to the index page of the site. There are no errors displayed. I have checked that cookies on browser are enabled.The server is hosted on amazon web services, if that makes any difference
just now i have installed squid, it works fine with authentication . I created this authentication in a simple text file by using htpasswd . my question is that is there any web based simple page to change passwords of squid users, because each and every time i cant give direct access to server for my squid users .
Im trying to set up a Proxy server on my CentOS server and I have been looking at Squid, however I wondered if there is a proxy server that will support having authenticated users and passwords in a MySQL database?I wanted to do this so I have good control over who is connected through my proxy.
Feb 10 (today) user qt4 extracts from cd /var/log/secure grep -i 'feb 10' secure Something wrong with pam or selinux? I have not fooled with pam or selinux in decades The secure file seems to report problems I do regular yum update s from secure: above
secure:Feb 10 08:00:20 localhost pam: gdm-password: pam_unix(gdm-passwordession): session opened for user qt4 by (uid=0) secure:Feb 10 08:00:48 localhost polkitd(authority=local): Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.37, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
I can login to qt4 from another user via "su - qt4" I would be shot if I inserted the inserted secure file
I am looking for ideas for getting windows users into an ldap server. I am currently running a Linux server for my department and need to create an LDAP server which mirrors the username/password information for all of us as they are stored in the windows server here. I have the openldap server up and running on Ubuntu 8.04 and it works great; I now need to find some way to import user info into this from windows. I've seen discussions of using ldifde.exe to export the AD users into an ldif file. Is this the simplest way to go about it?
Our Linux server is currently providing us with much needed services using apache, and apache is authenticating using LDAP to our windows server (Using our windows username / password is required functionality). This windows server has some problem which causes it to delay for inordinate amounts of time between authentication requests and responses. The situation is such that this problem will not be addressed by IT staff. However, I have control over the Linux server so I am looking to just mirror the windows server on an LDAP server of my own. I could get away with updating the passwords in the Linux server.
I use Ubuntu on my netbook, which I uses for browsing and email. It's way faster than the Windows which came on the machine. That's a nice feature, as is the price.
I like it except for the constant, perpetual, ever-present, super-annoying need to be entering passwords and "becoming root user" and so on. I am the only one using this appliance. I don't even care if someone steals it, really. There must be some way (I hope) of disabling this idea that I am a CIA agent with TopSecret materials.
I just want a simple, easy to use appliance. If not Ubuntu, is there any distro that is aimed at normal people?
Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
Lately I adapted my /etc/fstab to mount samba shared network drives. I had to put the password in the configuration file in order to log in automatically. Isn't there another way? It feels a little akward to me to put passwords in a plain text-file.
I have an external USB drive that is NTFS. It mounts fine under my account and my wife's, but only if I fully shut-down the computer between switching. While switching users or logging out then in with a different account it will not mount the drive. I am not sure what to do... but we both access data from the same drive.
I don't know if this is possible... I want that only some of a Windows Domain(Samba) users can to logging in a machine.For example: The user Peter of the domain WORKSPACE can connect to the PC1, but the user Charly of the domain WORKSPACE can not connect to the PC1. How I can implement this?
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.