On Wed, 3 Nov 2010, Mark Allums wrote:
Not a pattern in the hashes. A pattern in the history.
Hi Mark. That's what I meant. The history is made up of hashes and
possibly additional information.
Cheers,
Rob
--
Email: rob...@timetraveller.org Linux counter ID #16440
IRC: Solver (
Wolodja Wentland wrote:
> On Thu, Nov 04, 2010 at 10:55 +, Camaleón wrote:
>> On Wed, 03 Nov 2010 20:40:15 +0100, Lukas Baxa wrote:
>>> Camaleón wrote:
>
>>> I would like to file a new bug report, but I'm not sure against which
>>> package. I'm considering either passwd or libpam-modules.
>
On Thu, Nov 04, 2010 at 10:55 +, Camaleón wrote:
> On Wed, 03 Nov 2010 20:40:15 +0100, Lukas Baxa wrote:
> > Camaleón wrote:
> > I would like to file a new bug report, but I'm not sure against which
> > package. I'm considering either passwd or libpam-modules.
> "passwd" (as Wolodja suggeste
On Wed, 03 Nov 2010 20:40:15 +0100, Lukas Baxa wrote:
> Camaleón wrote:
>> On Mon, 01 Nov 2010 21:35:20 +, Wolodja Wentland wrote:
>> (...)
>>
>>> … which is clearly not working in the way it is described. I have not
>>> reproduced this bug myself, but it is exactly that and should
>>> there
On 11/03/2010 10:41 AM, Robert Brockway wrote:
[snip]
Personally I don't think much of keeping a record of old password
hashes but for a different reason: they are easily circumvented by
the user changing their password several times until they can reuse
the old one again.
Then, instead of ret
Mark Allums writes:
> Not a pattern in the hashes. A pattern in the history.
What history? There is no need to save anything but the last N hashes.
--
John Hasler
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@li
On 11/3/2010 10:41 AM, Robert Brockway wrote:
On Wed, 3 Nov 2010, Mark Allums wrote:
You can't reverse the hash, but a pattern in the history file might
tell someone something you don't want them to know. Granted, you could
keep the
If the hash algorithm is worth its salt (pun intended) then
Camaleón wrote:
> On Mon, 01 Nov 2010 21:35:20 +, Wolodja Wentland wrote:
>
>> On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
>
However, I'm able to change my password when logged in as guest as
many times I want the same day
>>> If someone learns my password on day 2, they
On Wed, 3 Nov 2010, Mark Allums wrote:
I know it is the hashes. Everything leaves tracks. It's not the passwords
that might be compromised, it's the privacy. I expect this is an example of
extreme paranoia, but still...
An unrelated example: Incognito mode (AKA, porn mode) of Google Chrom
On 11/2/2010 11:57 PM, Ron Johnson wrote:
On 11/02/2010 09:58 PM, Mark Allums wrote:
On 11/2/2010 9:40 PM, Jesús M. Navarro wrote:
Hi, lee:
On Tuesday 02 November 2010 21:26:54 lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
[snip]
The way to do it is to have a reco
On 11/02/2010 09:58 PM, Mark Allums wrote:
On 11/2/2010 9:40 PM, Jesús M. Navarro wrote:
Hi, lee:
On Tuesday 02 November 2010 21:26:54 lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
[snip]
The way to do it is to have a record in your password db of the
hashes of eac
On 11/2/2010 9:40 PM, Jesús M. Navarro wrote:
Hi, lee:
On Tuesday 02 November 2010 21:26:54 lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
Hi, Ron:
On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
If someo
Hi, lee:
On Tuesday 02 November 2010 21:26:54 lee wrote:
> On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
> > On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
> > >Hi, Ron:
> > >
> > >On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
> > >[...]
> > >
> > >>If someone learns my pa
On Mon, 01 Nov 2010 21:35:20 +, Wolodja Wentland wrote:
> On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
>>> However, I'm able to change my password when logged in as guest as
>>> many times I want the same day
>
>> If someone learns my password on day 2, they have full access to my
On 11/02/2010 03:26 PM, lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
Hi, Ron:
On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
If someone learns my password on day 2, they have full access to my
account for
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
> On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
> >Hi, Ron:
> >
> >On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
> >[...]
> >>If someone learns my password on day 2, they have full access to my
> >>account for 74 days, or I mus
Hi, Ron:
On Tuesday 02 November 2010 00:29:03 Ron Johnson wrote:
> On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
> > Hi, Ron:
> >
> > On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
> > [...]
> >
> >> If someone learns my password on day 2, they have full access to my
> >> account for 74
On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
Hi, Ron:
On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
If someone learns my password on day 2, they have full access to my
account for 74 days, or I must beg for SysAdmin help?
"Minimum number of days" isn't a very bright idea.
I
On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
> On 11/01/2010 11:28 AM, Lukas Baxa wrote:
[…]
>> Minimum number of days between password change : 76
>> Maximum number of days between password change : 90
>> Number of days of warning before passwo
Hi, Ron:
On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
> If someone learns my password on day 2, they have full access to my
> account for 74 days, or I must beg for SysAdmin help?
>
> "Minimum number of days" isn't a very bright idea.
It is, for a low minimum number.
The rational
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/dcd311c5c867409ebd473862ff2b8...@staf.tio.nl
On 11/01/2010 11:28 AM, Lukas Baxa wrote:
Hi,
I created an account guest to test password aging.
The aging info of this account is following:
chage -l guest
Last password change: Nov 01, 2010
Password expires: Jan 30
Hi,
I created an account guest to test password aging.
The aging info of this account is following:
> chage -l guest
Last password change: Nov 01, 2010
Password expires: Jan 30, 2011
Password inact
In <1238940839.4114.1.ca...@vishnuvardhan>, Gmail POP3 Access wrote:
>[W]hen I did open the /boot/grub/menu.lst there are a lot of entries
>starting with # symbol.
Yeah, there's also documentation for them and an explanation of why they start
with '#' in that file.
If you'd read the documentati
On Sun, 2009-04-05 at 16:18 +, Harry Rickards wrote:
> Quoting Gmail POP3 Access :
>
> > On Sun, 2009-04-05 at 14:38 +, Harry Rickards wrote:
> >> Quoting Gmail POP3 Access :
> >>
> ...
> >> > I have edited the file with the follwoing entries :
> >> >
> >> > timeout 3
> >> > password --md
On Sun, 2009-04-05 at 21:28 +0530, Gmail POP3 Access wrote:
> On Sun, 2009-04-05 at 14:38 +, Harry Rickards wrote:
> > Quoting Gmail POP3 Access :
> >
> > > But when I did open the /boot/grub/menu.lst there are a lot of entries
> > > starting with # symbol.
> >
> > The hash means that the lin
Quoting Gmail POP3 Access :
...
# menu.lst - See: grub(8), info grub, update-grub(8)
#grub-install(8), grub-floppy(8),
#grub-md5-crypt, /usr/share/doc/grub
#and /usr/share/doc/grub-legacy-doc/.
## default num
# Set the default entry to the entry number NUM. N
Quoting Gmail POP3 Access :
On Sun, 2009-04-05 at 14:38 +, Harry Rickards wrote:
Quoting Gmail POP3 Access :
...
I have edited the file with the follwoing entries :
timeout 3
password --md5 encryptedpassword data.
Should I delete the below lines of the file [ menu.lst ].
What lines
I am using Lenny.
I have created partitions using "Guided partition" and I choose the
option for "seperate folders for everything".
[1] Today I was going through "HowTo : Securing Debian" and came across
the suggestion of "Pawword for Grub".
But when I did open the /boot/grub/menu.lst there ar
Incoming from Joost De Cock:
> On Wednesday 09 June 2004 14:04, Michael Martinell hurled the following on the
> wire:
> > Is there a way to script out the changing of passwords at the command line.
> >
> > I have about 60 passwords to change manually, according to federal policy.
>
> apt-get inst
On Wednesday 09 June 2004 14:04, Michael Martinell hurled the following on the
wire:
> Is there a way to script out the changing of passwords at the command line.
>
> I have about 60 passwords to change manually, according to federal policy.
> In windows I would just do a net user username passwor
On Wed, 2004-06-09 at 08:04, Michael Martinell wrote:
> Is there a way to script out the changing of passwords at the command line.
>
> I have about 60 passwords to change manually, according to federal policy.
> In windows I would just do a net user username password
> Is there no similar linux c
Is there a way to script out the changing of passwords at the command line.
I have about 60 passwords to change manually, according to federal policy.
In windows I would just do a net user username password
Is there no similar linux command?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
(Please post in plain text, not HTML)
On Thu, Dec 04, 2003 at 08:31:17PM +0100, Robert Cates wrote:
>Hi,
>
>my ISP allows me to use SSH to logon (port 22), but only to change my
>account password.
>
>I am running a Debian Woody server with SSH 3.7.1 (using protocol 2
>only) a
Hi,
my ISP allows me to use SSH to logon (port 22), but
only to change my account password.
I am running a Debian Woody server with SSH
3.7.1 (using protocol 2 only) and would like to do the same.
Does anybody know how this is done?
Thanks in advance!
Robert
> Is there a PAM module that enforces good passwords? ie. won't allow
> passwords easily crackable by john the ripper?
>
> Mike
Install cracklib2 and uncomment this line in /etc/pam.d/passwd
password required pam_cracklib.so retry=3 minlen=6 difok=3
--
To UNSUBSCRIBE, email to
On 07/06/02 Vineet Kumar did speaketh:
> Taken from passwd(1):
>
>If you wish to immediately expire an accounts password,
>you can use the -e option. This in affect can force a user
>to change their password at their next login. You can also
Is there a PAM module t
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [020607 20:40]:
> I need to force the users to change their password on first
> logon. How can I do this on a Debian Box?
Taken from passwd(1):
If you wish to immediately expire an accounts password,
you can use the -e option. T
On Sat, Jun 08, 2002 at 12:40:10AM -0300, [EMAIL PROTECTED] wrote:
> I need to force the users to change their password on first
> logon. How can I do this on a Debian Box?
$ passwd -e
Seems the adduser script doesn't have a way to force this as the
default behavior??
--
Eric G. Mi
I need to force the users to change their password on first
logon. How can I do this on a Debian Box?
Regards,
Daniel Fernandes
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Tue, May 28, 2002 at 07:05:31PM -0600, Patrick Klee wrote:
> Hi all,
> I have a PPC, but it's pretty much the same on both since I have an x86
> box as well. N E Hoo, here's the problem...
>
> I login to the system, and it says I need too create a new password. This
> is for root AND user
Hi all,
I have a PPC, but it's pretty much the same on both since I have an x86
box as well. N E Hoo, here's the problem...
I login to the system, and it says I need too create a new password. This
is for root AND user! And it also happens everytime I login, it says I need
to make a new pas
ently
Damian> substitute in this alternate shell when the users come in.
I am not sure if this is possible with LDAP, or what alternative you
should/would use.
Then again, with something like NIS or openldap you may not even need a
password change computer, but I don't understand
On Mon, 16 Oct 2000, Jeremy Gaddis wrote:
> > > Set root's shell to whichever you prefer, and set
> > > the regular user's shell to /usr/bin/passwd.
> >
> > Yeah...I thought of this at first, but I need a solution that doesn't
> > mess with the passwd file at all, as the passwd file is distribute
> > Set root's shell to whichever you prefer, and set
> > the regular user's shell to /usr/bin/passwd.
>
> Yeah...I thought of this at first, but I need a solution that doesn't
> mess with the passwd file at all, as the passwd file is distributed to
> other machines on a regular basis, and the use
ole, and to have all other users
> > redirected to a password change program?
>
> Set root's shell to whichever you prefer, and set
> the regular user's shell to /usr/bin/passwd.
Yeah...I thought of this at first, but I need a solution that doesn't
mess with the passwd file at
On Mon, 16 Oct 2000, Daniel Whelan wrote:
> I'm currently configuring a machine to be the master password machine
> for a large network of machines. Is there a way to configure it to allow
> only root to get an actual console, and to have all other users
> redirected to a passwo
I'm currently configuring a machine to be the master password machine
for a large network of machines. Is there a way to configure it to allow
only root to get an actual console, and to have all other users
redirected to a password change program?
Thanks,
Daniel
How about using 'chage'. I think you probably need to play with the -M
and -d switches. BTW chage is in the passwd package.
HTH
Rich
Arcady Genkin wrote:
>
> George Bonser <[EMAIL PROTECTED]> writes:
>
> Sorry to bug you again, but I am still looking for th
George Bonser <[EMAIL PROTECTED]> writes:
Sorry to bug you again, but I am still looking for the password change
solution...
The .bash_profile solution works, but then if the user changes his default
shell from bash to smth else, I won't be able to force password change
anymore... I
elete the .newuser file.
> This has the advantage of allowing you to touch .newuser (and change the
> ownership so the user can delete it without complaint) at any time to
> force a password change ... or at least STRONGLY suggest a password
> change.
Thanks for your reply.
A little ter
Arcady Genkin wrote:
>Searched info on usermod and passswd and couldn't figure it out.
>
>How do I force a user to change password the next time he logs in?
>
If you are using shadow passwords (/etc/shadow exists) look at
`man 5 shadow', otherwise look at `man 5 passwd'.
--
Oliver Elphi
George Bonser <[EMAIL PROTECTED]> writes:
> man shadow
Thanks. I still have a question though. Example:
testdummy:mbjdfWfNf6Eto:10710:0:0:7:::
implies that the user's password expires after 0 days. But in practice
this means that the user will have to change his password every day
(time?) he l
Searched info on usermod and passswd and couldn't figure it out.
How do I force a user to change password the next time he logs in?
Thanks a lot!
--
Arcady Genkin
"I opened up my wallet, and it's full of blood..." - GsYDE
54 matches
Mail list logo
