Your Password is Disclose

I was try one of the microblogging software with my friend for the past few days and we are noticed one of the features that automatically send notices to Twitter stored a plain text password in MySQL database. That’s mean if you’re using the similar web services, your Twitter password is actually disclose.

Remember if you’re using Meebo, Facebook, Friendster, Myspace or any other community site that require enter your email address and password, I think your password is
disclose. Said for an example Meebo, you can have single account register on Meebo that keep multiple IM account. I’m sure you already save your password in the database(no matter plain text or not, your password is disclosed). If you enter Gmail, Yahoo or MSN email address and password in Facebook looking for your friends in the contact list who use the same services, I think your password is disclose too. Perhap they claimed they won’t keep your password.

How about those ‘policy’ that protected privacy? What are they try to do with your email data. Sorry I don’t know.

Read more

Possibly Related Posts:


October 9, 2008 · Filed Under Tips

2 Comments 

Set a Good Password Policy On SuSE Linux

Sometimes setting a good password policy is not easy and you may receive many complaint from end user especially non-IT related users. Normally they like password = password = abc123 as easy as possible.

Personally I don’t like pam_cracklib and I would preferred pam_passwdqc.

The pam_passwdqc module is a simple password strength checking module for PAM. In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones.
The pam_passwdqc module provides functionality for only one PAM management group: password changing. In terms of the module-type parameter, this is the ”password” feature.

Here you go: SuSE Linux Password Policy.

Operating System: SLES 9
Required RPM: pam-modules, pwdutils, openssh and coreutils

/etc/pam.d/passwd
auth     required   pam_unix2.so     nullok
account  required   pam_unix2.so
account  required   pam_tally.so     per_user deny=5 no_magic_root reset
password required   pam_passwdqc.so  retry=5 ask_oldauthtok check_oldauthtok
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so   use_first_pass use_authtok
password required   pam_unix2.so     use_first_pass use_authtok
session  required   pam_unix2.so

/etc/pam.d/sshd

auth     required   pam_listfile.so  item=user sense=deny file=/etc/login.deny
auth     required   pam_tally.so     onerr=fail no_magic_root
auth     required   pam_unix2.so
auth     required   pam_nologin.so
auth     required   pam_env.so
account  required   pam_unix2.so
account  required   pam_nologin.so
account  required   pam_tally.so     deny=5 no_magic_root reset
password required   pam_passwdqc.so  retry=5 ask_oldauthtok check_oldauthtok
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so   use_first_pass use_authtok
password required   pam_unix2.so     use_first_pass use_authtok
session  required   pam_unix2.so     none
session  required   pam_limits.so

/etc/pam.d/login

auth     requisite  pam_unix2.so     nullok
auth     required   pam_securetty.so
auth     required   pam_nologin.so
auth     required   pam_env.so
auth     required   pam_mail.so
auth     required   pam_tally.so     onerr=fail no_magic_root
account  required   pam_unix2.so
account  required   pam_tally.so     deny=5 no_magic_root reset
password required   pam_passwdqc.so  retry=5 ask_oldauthtok check_oldauthtok
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so   use_first_pass use_authtok
password required   pam_unix2.so     use_first_pass use_authtok
session  required   pam_unix2.so     none
session  required   pam_limits.so

/etc/pam.d/su

auth     sufficient pam_rootok.so
auth     required   pam_unix2.so     nullok
account  required   pam_unix2.so
account  required   pam_tally.so deny=5 no_magic_root reset
password required   pam_passwdqc.so retry=5 ask_oldauthtok check_oldauthtok
  min=disabled,8,8,8,8 max=25
password required   pam_pwcheck.so  nullok
password required   pam_unix2.so    nullok use_first_pass use_authtok
session  required   pam_unix2.so    debug

Read more

Possibly Related Posts:


September 19, 2008 · Filed Under How's To, Open Source, Tips

5 Comments 

How To Force User Change Password At Next Login on Linux

My previous post talked about How To Show Linux User Password Expires. I would like to share “How to force user change password at next login on Linux“.

Option 1:
passwd command – change user password
Use the following syntax:
passwd -e

  • -e Force the user to change password at next login

Setting password expire for user test

planetmy:~ # passwd -e test
planetmy:~ # chage -l test
Minimum: 0
Maximum: 90
Warning: 7
Inactive: -1
Last Change: Unknown, password is forced to change at next login
Password Expires: Never
Password Inactive: Never
Account Expires: Sep 11, 2008

Login as user ‘test’
login as: test
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Password change requested. Choose a new password.
Old Password:
Using keyboard-interactive authentication.
New Password:
Using keyboard-interactive authentication.
Reenter New Password:
Last login: Thu Sep 11 10:13:22 2008 from 192.168.1.102
test@planetmy:/>

Note: This is apply to SuSE Linux 9 and 10 but NOT Red Hat Linux.

Read more

Possibly Related Posts:


September 11, 2008 · Filed Under How's To, Open Source, Tips

1 Comment 

How To Show Linux User Password Expires

In order to show password expires for any particular username on Linux, I use chage command. For an example:

#chage -l test
Minimum: 0
Maximum: 76
Warning: 14
Inactive: 7
Last Change: Jul 29, 2008
Password Expires: Oct 13, 2008
Password Inactive: Oct 27, 2008
Account Expires: Never

So, as you can see from the screen above, the Linux system show username: test password expires on Oct 13, 2008. Basically the ‘Password Expires’ calculation is ‘Last Change’ date + ‘Maximum’ of day on the system.

Again, if you would like to check more than one user, probably you can try some of the example as below:
Read more

Possibly Related Posts:


August 5, 2008 · Filed Under How's To, Open Source, Tips

Comment 

How to crack root password on SuSE Linux

Shit! I’m lost my SuSE Linux root password! I can’t remember what is my root password, I have tons of password inside my head and I can’t recall.

Don’t worry, If you’ve lost your root password, you might be able to do it this way. Let me explain “How to crack your root password on (SuSE) Linux“.

First login to single user mode. If you don’t see either a LILO or GRUB boot screen, try hitting CTRL-X to get one. If it’s LILO, just type “linux single” and press Enter. If GRUB, hit ‘e“, then select the “kernel” line, hit “e” again, and add “single” or just “1” to the end of the line. Press ENTER, and then press “b” to boot into single user mode.  If you get a message “Give root password for system maintenance“, this isn’t going to work because you have another password control here.

So, you can add “init=/bin/bash” (LILO “linux init=/bin/bash” or add it to the Grub “kernel” line after “single” or “1” as mentioned above).

By the time, you should be able to see a prompt “#“.  As you know root password is write on the /etc/shadow file and I don’t think you have permission write into “/etc” folder.

Type:

mount -o remount,rw /

OR

mount -o remount,rw /dev/sdX

which sdX is your “/” partition.

Read more

Possibly Related Posts:


July 10, 2008 · Filed Under How's To, Open Source, Tips

1 Comment 

Next Page →

Planet Malaysia
  • Follow us on Twitter


    • web www.planetmy.com