Your Password Is Disclosed
I was trying out a piece of microblogging software with my friend over the past few days, and we noticed that one of its features, which automatically sends notices to Twitter, stored the password in plain text in the MySQL database. That means if you’re using similar web services, your Twitter password is actually disclosed.
Remember, if you’re using Meebo, Facebook, Friendster, Myspace or any other community site that requires you to enter your email address and password, I think your password is disclosed. Take Meebo for example: you can have a single account registered on Meebo that keeps multiple IM accounts. I’m sure you have already saved your password in the database (no matter whether it is plain text or not, your password is disclosed). If you enter your Gmail, Yahoo or MSN email address and password in Facebook to look for friends in your contact list who use the same services, I think your password is disclosed too. Perhaps they claim they won’t keep your password.
How about those ‘policies’ that protect privacy? What are they trying to do with your email data? Sorry, I don’t know.
Set a Good Password Policy On SuSE Linux
Sometimes setting a good password policy is not easy, and you may receive many complaints from end users, especially non-IT users. Normally they want something like password = “password” or “abc123”, as easy as possible.
Personally I don’t like pam_cracklib and I prefer pam_passwdqc.
The pam_passwdqc module is a simple password strength checking module for PAM. In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones.
The pam_passwdqc module provides functionality for only one PAM management group: password changing. In terms of the module-type parameter, this is the “password” feature.
Here you go: SuSE Linux Password Policy.
Operating System: SLES 9
Required RPM: pam-modules, pwdutils, openssh and coreutils
/etc/pam.d/passwd
auth required pam_unix2.so nullok
account required pam_unix2.so
account required pam_tally.so per_user deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so use_first_pass use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so

/etc/pam.d/sshd
auth required pam_listfile.so item=user sense=deny file=/etc/login.deny
auth required pam_tally.so onerr=fail no_magic_root
auth required pam_unix2.so
auth required pam_nologin.so
auth required pam_env.so
account required pam_unix2.so
account required pam_nologin.so
account required pam_tally.so deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so use_first_pass use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so none
session required pam_limits.so

/etc/pam.d/login
auth requisite pam_unix2.so nullok
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_mail.so
auth required pam_tally.so onerr=fail no_magic_root
account required pam_unix2.so
account required pam_tally.so deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so use_first_pass use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so none
session required pam_limits.so

/etc/pam.d/su
auth sufficient pam_rootok.so
auth required pam_unix2.so nullok
account required pam_unix2.so
account required pam_tally.so deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_unix2.so debug
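Added example (not part of the original post): a small Python audit that parses a PAM service file and checks it against the policy used above, namely a pam_passwdqc minimum length, a pam_tally deny= lockout, and any nullok option. The names parse_pam and audit and the thresholds are assumptions for illustration, and the parser handles only simple control keywords such as required, not bracketed [value=action] controls.

```python
# Constructed sample: the /etc/pam.d/passwd rules from the listing above.
SAMPLE_PASSWD = """\
auth required pam_unix2.so nullok
account required pam_unix2.so
account required pam_tally.so per_user deny=5 no_magic_root reset
password required pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok min=disabled,8,8,8,8 max=25
password required pam_pwcheck.so use_first_pass use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so
"""

def parse_pam(text):
    """Parse PAM rules into (type, control, module, options) tuples."""
    rules = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 3:
            continue  # blank line, comment, or malformed rule
        opts = dict(p.partition("=")[::2] for p in parts[3:])
        rules.append((parts[0], parts[1], parts[2], opts))
    return rules

def audit(text, min_len=8, max_deny=5):
    """Return a list of findings; an empty list means every check passed."""
    rules, findings = parse_pam(text), []
    qc = [o for t, _, m, o in rules if t == "password" and m == "pam_passwdqc.so"]
    if not qc:
        findings.append("password stack has no pam_passwdqc.so")
    for opts in qc:
        # min=N0,N1,N2,N3,N4: each field is "disabled" or a minimum length.
        fields = opts.get("min", "").split(",")
        if len(fields) != 5:
            findings.append("pam_passwdqc.so: min= is not set or is malformed")
        elif any(f.isdigit() and int(f) < min_len for f in fields):
            findings.append(f"pam_passwdqc.so: min={opts['min']} allows fewer than {min_len} characters")
    deny = [int(o["deny"]) for _, _, m, o in rules
            if m == "pam_tally.so" and o.get("deny", "").isdigit()]
    if not deny:
        findings.append("no pam_tally.so rule sets deny=")
    elif min(deny) > max_deny:
        findings.append(f"pam_tally.so: deny={min(deny)} is above {max_deny}")
    for t, _, m, o in rules:
        if "nullok" in o:
            findings.append(f"{t} {m}: nullok permits empty passwords")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PASSWD)) or "no findings")
```

On the sample, the length and lockout checks pass and the only finding is the nullok option on the auth line.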
How To Force User Change Password At Next Login on Linux
My previous post talked about How To Show Linux User Password Expires. Now I would like to share “How to force a user to change password at next login on Linux”.
Option 1:
passwd command – change user password
Use the following syntax:
passwd -e <username>
- -e Force the user to change password at next login
Setting password expiry for user test
planetmy:~ # passwd -e test
planetmy:~ # chage -l test
Minimum: 0
Maximum: 90
Warning: 7
Inactive: -1
Last Change: Unknown, password is forced to change at next login
Password Expires: Never
Password Inactive: Never
Account Expires: Sep 11, 2008
Login as user ‘test’
login as: test
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Password change requested. Choose a new password.
Old Password:
Using keyboard-interactive authentication.
New Password:
Using keyboard-interactive authentication.
Reenter New Password:
Last login: Thu Sep 11 10:13:22 2008 from 192.168.1.102
test@planetmy:/>
Note: This applies to SuSE Linux 9 and 10 but NOT Red Hat Linux.
How To Show Linux User Password Expires
To show when the password expires for a particular username on Linux, I use the chage command. For example:
#chage -l test
Minimum: 0
Maximum: 76
Warning: 14
Inactive: 7
Last Change: Jul 29, 2008
Password Expires: Oct 13, 2008
Password Inactive: Oct 27, 2008
Account Expires: Never
So, as you can see from the output above, the Linux system shows that the password for username test expires on Oct 13, 2008. Basically, the ‘Password Expires’ date is calculated as the ‘Last Change’ date + the ‘Maximum’ number of days set on the system.
Again, if you would like to check more than one user, you can try some of the examples below:
Read more
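Added example (not from the original post): a Python sketch that applies the ‘Last Change’ + ‘Maximum’ calculation to every account in shadow-format text, and also recognises the forced-change state that passwd -e produces (a last-change field of 0). The sample lines are constructed, the hash field is a placeholder, and the function names and the treatment of 99999 as "no maximum" are assumptions for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow dates are counted in days since this date

# Constructed /etc/shadow-style lines; the hash field is a placeholder.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
test:HASH_PLACEHOLDER:14089:0:76:14:7::
forced:HASH_PLACEHOLDER:0:0:90:7:::
svc:HASH_PLACEHOLDER:14000:0:99999:7:::
"""

def password_status(line, today):
    """Return (user, state, expiry date or None) for one shadow line."""
    f = line.strip().split(":")
    user, lastchg, maxdays, warn = f[0], f[2], f[4], f[5]
    if lastchg == "0":
        # chage -l shows this as "forced to change at next login".
        return user, "must change at next login", None
    if not lastchg or not maxdays or int(maxdays) >= 99999:
        # Assumption: an empty or 99999 maximum means no expiry is enforced.
        return user, "never expires", None
    # 'Password Expires' = 'Last Change' + 'Maximum', both in days.
    expires = EPOCH + timedelta(days=int(lastchg) + int(maxdays))
    left = (expires - today).days
    if left < 0:
        state = "expired"
    elif warn and left <= int(warn):
        state = "expiring soon"
    else:
        state = "ok"
    return user, state, expires

def report(shadow_text, today):
    """Check every account in a block of shadow-format text."""
    return [password_status(l, today)
            for l in shadow_text.splitlines() if l.strip()]

if __name__ == "__main__":
    for user, state, expires in report(SAMPLE_SHADOW, date(2008, 9, 11)):
        print(f"{user:8} {state:26} {expires or '-'}")
```

The constructed "test" line uses 14089 days (Jul 29, 2008) and a maximum of 76, which reproduces the Oct 13, 2008 expiry shown in the chage output above.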
How to crack root password on SuSE Linux
Shit! I’ve lost my SuSE Linux root password! I can’t remember what my root password is; I have tons of passwords inside my head and I can’t recall it.
Don’t worry. If you’ve lost your root password, you might be able to do it this way. Let me explain “How to crack your root password on (SuSE) Linux”.
First, log in to single user mode. If you don’t see either a LILO or GRUB boot screen, try hitting CTRL-X to get one. If it’s LILO, just type “linux single” and press Enter. If GRUB, hit “e”, then select the “kernel” line, hit “e” again, and add “single” or just “1” to the end of the line. Press ENTER, and then press “b” to boot into single user mode. If you get the message “Give root password for system maintenance”, this isn’t going to work because you have another password control here.
So, you can add “init=/bin/bash” (LILO “linux init=/bin/bash”, or add it to the GRUB “kernel” line after “single” or “1” as mentioned above).
By this time, you should be able to see a “#” prompt. As you know, the root password is written in the /etc/shadow file, and I don’t think you have permission to write into the “/etc” folder.
Type:
mount -o remount,rw /
OR
mount -o remount,rw /dev/sdX
where sdX is your “/” partition.