|
|
Sponsored Content
Special Forums
Cybersecurity
Password rules not effective
Post 302728025 by rbatte1 on Wednesday 7th of November 2012 08:42:24 AM
11-07-2012
Moderator
Password rules not effective
I was looking for a good list of words to exclude people from using as passwords, i.e. those that could be guessed easily. I'm working through a whole bunch of suggestions from skullsecurity.org, but I managed to find this page that seems to suggest I have more options than I thought. 
I have a server built at AIX 6.1.3.0, but recently brought up to AIX 6.1.7.5, so I think I qualify, but there have been no changes to /etc/security/user by the update.
Adding a record in the default: stanza for minloweralpha has no effect.
Back on quest for a dictionary list, the suggestions on the document are shown for excluding the sequence "123" from a user selected password, but I can't get that to work either. Does anyone have it working and can point out why I am being a fool? 
My personal stanza in /etc/security/user has a dictionlist definition and I can prove that it is effective for excluding specific words, such as password but I'd prefer to craft some woolly rules to exclude our usual suspects like "July2012" etc.
Am I just missing something obvious? I have just installed bos.data from the original media, which has given me a /usr/share/dict/words file full of all sorts of stuff, but they are all explicit exclusions and I still can't get either of the above to work.
..... and why does : wall : appear as a question box now?
Many apologies and thanks, in advance,
Robin
Liverpool/Blackburn
UK
I have a server built at AIX 6.1.3.0, but recently brought up to AIX 6.1.7.5, so I think I qualify, but there have been no changes to /etc/security/user by the update.
Adding a record in the default: stanza for minloweralpha has no effect.
Back on quest for a dictionary list, the suggestions on the document are shown for excluding the sequence "123" from a user selected password, but I can't get that to work either. Does anyone have it working and can point out why I am being a fool? My personal stanza in /etc/security/user has a dictionlist definition and I can prove that it is effective for excluding specific words, such as password but I'd prefer to craft some woolly rules to exclude our usual suspects like "July2012" etc.
Am I just missing something obvious? I have just installed bos.data from the original media, which has given me a /usr/share/dict/words file full of all sorts of stuff, but they are all explicit exclusions and I still can't get either of the above to work.
..... and why does : wall : appear as a question box now?
Many apologies and thanks, in advance,
Robin
Liverpool/Blackburn
UK
Last edited by rbatte1; 11-08-2012 at 08:41 AM..
|
|
7 More Discussions You Might Find Interesting
1. Cybersecurity
I would like to give execution rights for a script to one user. (that's the easy part...)
When that user is running the script, I would like the effective user ID to be that of the file-owner. Is this possible? (6 Replies)
Discussion started by: hilmel
6 Replies
2. UNIX for Dummies Questions & Answers
Hey all, I'm glad to have found this forum as I'm trying to dive head first into Solaris 8 - been working with it for a few months now and am finally getting a bit comfortable with the layout and concepts. In any case, on to the questions... :D
I was wondering how I would go about displaying... (3 Replies)
Discussion started by: QuadMonk
3 Replies
3. UNIX for Dummies Questions & Answers
what's the most efficient and effective search for a file in a dir ?
I see many guys use this
# find - print
or something as such ? and sometimes pipe it to something else ?
Is there a better way of using "grep" in all of this ?
thanks
simon2000 (3 Replies)
Discussion started by: simon2000
3 Replies
4. UNIX for Dummies Questions & Answers
Here is my situation. On a RedHat 7.3 box, I have a user named jody.
When I log in with jody and type in "id", I get the expected output:
uid=1(jody) gid=1(jody) groups=1(jody), 510(test)
However, I cannot figure which "id" option allows me to change the effective gid. I tried the options... (2 Replies)
Discussion started by: Jody
2 Replies
5. UNIX for Dummies Questions & Answers
Using Solaris 9 and 10.
What we want to do is set up global rules for our password files to restrict all users, not only new ones set up with the rules but also the ones that have been sitting on the system for years.
Is there a global way to force all users to change their password every 90... (1 Reply)
Discussion started by: LordJezo
1 Replies
6. UNIX for Dummies Questions & Answers
What are the rules for choosing a new password when the old one expires? I notice when I try to use a password that is similar to my previous one then it won't take it. Got me wondering what the exact rules are- as in, how different does it have to be from previous passwords. (1 Reply)
Discussion started by: zTodd
1 Replies
7. UNIX for Dummies Questions & Answers
Can anyone explain me in details of Real and Effective IDs (6 Replies)
Discussion started by: kkalyan
6 Replies
LEARN ABOUT DEBIAN
dbix::password
Password(3pm) User Contributed Perl Documentation Password(3pm) NAME
DBIx::Password - Allows you to create a global password file for DB passwords SYNOPSIS
use DBIx::Password; my $dbh = DBIx::Password->connect($user); my $dbh = DBIx::Password->connect_cached($user); $dbh->getDriver; DBIx::Password::getDriver($user); DBIx::Password::checkVirtualUser($user); DBIx::Password::clearConfig(); DBIx::Password::readConfig("$ENV{HOME}/.my.secret.file"); DESCRIPTION
Don't you hate keeping track of database passwords and such throughout your scripts? How about the problem of changing those passwords on a mass scale? This module is one possible solution. It stores all your virtual users and data in /etc/dbix-password.conf. For each user you need to specify the database module to use, the database connect string, the username and the password. You will have to give a name to this virtual user. You can add as many as you like. I would recommend that if you are only using this with web applications that you change the final permissions on this package after it is installed in site_perl such that only the webserver can read it. A method called getDriver has been added so that you can determine what driver is being used (handy for working out database indepence issues). If you want to find out if the virtual user is valid, you can call the class method checkVirtualUser(). It returns true(1) if the username is valid, and zero if not. Once your are done you can use the connect method (or the connect_cache method) that comes with DBIx-Password and just specify one of the virtual users you defined while making the module. BTW I learned the bless hack that is used from Apache::DBI so some credit should go to the authors of that module. This is a rewrite of the module Tangent::DB that I did for slashcode. If your program does not need the system-wide information stored in the /etc/dbix-password.conf file, you may use the clearConfig() and readConfig() functions to get the data from another source. At any time, readConfig() may also be used to merge the data from another file into the currently-loaded configuration. Hope you enjoy it. HOME
To find out more information look at: http://www.tangent.org/DBIx-Password/ AUTHOR
Brian Aker, brian@tangent.org SEE ALSO
perl(1). DBI(3). perl v5.10.0 2009-05-09 Password(3pm)