Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Password rules not effective
Special Forums Cybersecurity Password rules not effective Post 302728025 by rbatte1 on Wednesday 7th of November 2012 08:42:24 AM
Old 11-07-2012
Network Password rules not effective
I was looking for a good list of words to exclude people from using as passwords, i.e. those that could be guessed easily. I'm working through a whole bunch of suggestions from skullsecurity.org, but I managed to find this page that seems to suggest I have more options than I thought. Smilie

I have a server built at AIX 6.1.3.0, but recently brought up to AIX 6.1.7.5, so I think I qualify, but there have been no changes to /etc/security/user by the update. Smilie

Adding a record in the default: stanza for minloweralpha has no effect. Smilie Back on quest for a dictionary list, the suggestions on the document are shown for excluding the sequence "123" from a user selected password, but I can't get that to work either. Does anyone have it working and can point out why I am being a fool? Smilie

My personal stanza in /etc/security/user has a dictionlist definition and I can prove that it is effective for excluding specific words, such as password but I'd prefer to craft some woolly rules to exclude our usual suspects like "July2012" etc.

Am I just missing something obvious? I have just installed bos.data from the original media, which has given me a /usr/share/dict/words file full of all sorts of stuff, but they are all explicit exclusions and I still can't get either of the above to work. Smilie

..... and why does : wall : appear as a question box now?



Many apologies and thanks, in advance,

Robin
Liverpool/Blackburn
UK
Last edited by rbatte1; 11-08-2012 at 08:41 AM..
 

7 More Discussions You Might Find Interesting

1. Cybersecurity

Changing effective user

I would like to give execution rights for a script to one user. (that's the easy part...) When that user is running the script, I would like the effective user ID to be that of the file-owner. Is this possible? (6 Replies)
Discussion started by: hilmel
6 Replies

2. UNIX for Dummies Questions & Answers

Variables for Effective Username?

Hey all, I'm glad to have found this forum as I'm trying to dive head first into Solaris 8 - been working with it for a few months now and am finally getting a bit comfortable with the layout and concepts. In any case, on to the questions... :D I was wondering how I would go about displaying... (3 Replies)
Discussion started by: QuadMonk
3 Replies

3. UNIX for Dummies Questions & Answers

most effective search ?

what's the most efficient and effective search for a file in a dir ? I see many guys use this # find - print or something as such ? and sometimes pipe it to something else ? Is there a better way of using "grep" in all of this ? thanks simon2000 (3 Replies)
Discussion started by: simon2000
3 Replies

4. UNIX for Dummies Questions & Answers

Changing the Effective Group ID

Here is my situation. On a RedHat 7.3 box, I have a user named jody. When I log in with jody and type in "id", I get the expected output: uid=1(jody) gid=1(jody) groups=1(jody), 510(test) However, I cannot figure which "id" option allows me to change the effective gid. I tried the options... (2 Replies)
Discussion started by: Jody
2 Replies

5. UNIX for Dummies Questions & Answers

Server wide password enforcement rules? 90 day force change.

Using Solaris 9 and 10. What we want to do is set up global rules for our password files to restrict all users, not only new ones set up with the rules but also the ones that have been sitting on the system for years. Is there a global way to force all users to change their password every 90... (1 Reply)
Discussion started by: LordJezo
1 Replies

6. UNIX for Dummies Questions & Answers

rules for new password?

What are the rules for choosing a new password when the old one expires? I notice when I try to use a password that is similar to my previous one then it won't take it. Got me wondering what the exact rules are- as in, how different does it have to be from previous passwords. (1 Reply)
Discussion started by: zTodd
1 Replies

7. UNIX for Dummies Questions & Answers

Real and Effective IDs

Can anyone explain me in details of Real and Effective IDs (6 Replies)
Discussion started by: kkalyan
6 Replies

LEARN ABOUT NETBSD

skey

SKEY(1) 						    BSD General Commands Manual 						   SKEY(1)

NAME

     skey -- respond to an OTP challenge

SYNOPSIS

     skey [-n count] [-p password] [-t hash] [-x] sequence# [/] key

DESCRIPTION

     S/Key is a One Time Password (OTP) authentication system.	It is intended to be used when the communication channel between a user and host
     is not secure (e.g. not encrypted or hardwired).  Since each password is used only once, even if it is "seen" by a hostile third party, it
     cannot be used again to gain access to the host.

     S/Key uses 64 bits of information, transformed by the MD4 algorithm into 6 English words.	The user supplies the words to authenticate him-
     self to programs like login(1) or ftpd(8).

     Example use of the S/Key program skey:

	   % skey  99  th91334
	   Enter password: <your secret password is entered here>
	   OMEN US HORN OMIT BACK AHOY
	   %

     The string that is given back by skey can then be used to log into a system.

     The programs that are part of the S/Key system are:

     skeyinit(1)   used to set up your S/Key.

     skey	   used to get the one time password(s).

     skeyinfo(1)   used to initialize the S/Key database for the specified user.  It also tells the user what the next challenge will be.

     skeyaudit(1)  used to inform users that they will soon have to rerun skeyinit(1).

     When you run skeyinit(1) you inform the system of your secret password.  Running skey then generates the one-time password(s), after requir-
     ing your secret password.	If however, you misspell your secret password that you have given to skeyinit(1) while running skey you will get a
     list of passwords that will not work, and no indication about the problem.

     Password sequence numbers count backward from 99.	You can enter the passwords using small letters, even though skey prints them capitalized.

     The -n count argument asks for count password sequences to be printed out ending with the requested sequence number.

     The hash algorithm is selected using the -t hash option, possible choices here are md4, md5 or sha1.

     The -p password allows the user to specify the S/Key password on the command line.

     To output the S/Key list in hexadecimal instead of words, use the -x option.

EXAMPLES

     Initialize generation of one time passwords:

	   host% skeyinit
	   Password: <normal login password>
	   [Adding username]
	   Enter secret password: <new secret password>
	   Again secret password: <new secret password again>
	   ID username s/key is 99 host12345
	   Next login password: SOME SIX WORDS THAT WERE COMPUTED

     Produce a list of one time passwords to take with to a conference:

	   host% skey -n 3 99 host12345
	   Enter secret password: <secret password as used with skeyinit>
	   97: NOSE FOOT RUSH FEAR GREY JUST
	   98: YAWN LEO DEED BIND WACK BRAE
	   99: SOME SIX WORDS THAT WERE COMPUTED

     Logging in to a host where skey is installed:

	   host% telnet host

	   login: <username>
	   Password [s/key 97 host12345]:

     Note that the user can use either his/her S/Key password at the prompt but also the normal one unless the -s flag is given to login(1).

SEE ALSO

     login(1), skeyaudit(1), skeyinfo(1), skeyinit(1), ftpd(8)

     RFC 2289

TRADEMARKS AND PATENTS

     S/Key is a trademark of Bellcore.

AUTHORS

     Phil Karn
     Neil M. Haller
     John S. Walden
     Scott Chasin

BSD
								   July 25, 2001							       BSD
All times are GMT -4. The time now is 02:12 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy