Password rules not effective Post: 302728025

Sponsored Content

Special Forums Cybersecurity Password rules not effective Post 302728025 by rbatte1 on Wednesday 7th of November 2012 08:42:24 AM

11-07-2012

Moderator

Password rules not effective

I was looking for a good list of words to exclude people from using as passwords, i.e. those that could be guessed easily. I'm working through a whole bunch of suggestions from skullsecurity.org, but I managed to find this page that seems to suggest I have more options than I thought.

I have a server built at AIX 6.1.3.0, but recently brought up to AIX 6.1.7.5, so I think I qualify, but there have been no changes to /etc/security/user by the update. Smilie

Adding a record in the default: stanza for minloweralpha has no effect. Smilie

Back on quest for a dictionary list, the suggestions on the document are shown for excluding the sequence "123" from a user selected password, but I can't get that to work either. Does anyone have it working and can point out why I am being a fool? Smilie

My personal stanza in /etc/security/user has a dictionlist definition and I can prove that it is effective for excluding specific words, such as password but I'd prefer to craft some woolly rules to exclude our usual suspects like "July2012" etc.

Am I just missing something obvious? I have just installed bos.data from the original media, which has given me a /usr/share/dict/words file full of all sorts of stuff, but they are all explicit exclusions and I still can't get either of the above to work. Smilie

..... and why does : wall : appear as a question box now?

Many apologies and thanks, in advance,

Robin
Liverpool/Blackburn
UK

Last edited by rbatte1; 11-08-2012 at 08:41 AM..

rbatte1

View Public Profile for rbatte1

Visit rbatte1's homepage!

Find all posts by rbatte1

7 More Discussions You Might Find Interesting

1. Cybersecurity

Changing effective user

I would like to give execution rights for a script to one user. (that's the easy part...) When that user is running the script, I would like the effective user ID to be that of the file-owner. Is this possible?

2. UNIX for Dummies Questions & Answers

Variables for Effective Username?

Hey all, I'm glad to have found this forum as I'm trying to dive head first into Solaris 8 - been working with it for a few months now and am finally getting a bit comfortable with the layout and concepts. In any case, on to the questions... :D I was wondering how I would go about displaying...

3. UNIX for Dummies Questions & Answers

most effective search ?

what's the most efficient and effective search for a file in a dir ? I see many guys use this # find - print or something as such ? and sometimes pipe it to something else ? Is there a better way of using "grep" in all of this ? thanks simon2000

4. UNIX for Dummies Questions & Answers

Changing the Effective Group ID

Here is my situation. On a RedHat 7.3 box, I have a user named jody. When I log in with jody and type in "id", I get the expected output: uid=1(jody) gid=1(jody) groups=1(jody), 510(test) However, I cannot figure which "id" option allows me to change the effective gid. I tried the options...

5. UNIX for Dummies Questions & Answers

Server wide password enforcement rules? 90 day force change.

Using Solaris 9 and 10. What we want to do is set up global rules for our password files to restrict all users, not only new ones set up with the rules but also the ones that have been sitting on the system for years. Is there a global way to force all users to change their password every 90...

6. UNIX for Dummies Questions & Answers

rules for new password?

What are the rules for choosing a new password when the old one expires? I notice when I try to use a password that is similar to my previous one then it won't take it. Got me wondering what the exact rules are- as in, how different does it have to be from previous passwords.

7. UNIX for Dummies Questions & Answers

Real and Effective IDs

Can anyone explain me in details of Real and Effective IDs

LEARN ABOUT POSIX

systemd-ask-password-console.service

SYSTEMD-ASK-PASSWORD-CONSOLE.SERVICE(8) 	       systemd-ask-password-console.service		   SYSTEMD-ASK-PASSWORD-CONSOLE.SERVICE(8)

NAME

       systemd-ask-password-console.service, systemd-ask-password-console.path, systemd-ask-password-wall.service, systemd-ask-password-wall.path
       - Query the user for system passwords on the console and via wall

SYNOPSIS

       systemd-ask-password-console.service

       systemd-ask-password-console.path

       systemd-ask-password-wall.service

       systemd-ask-password-wall.path

DESCRIPTION

       systemd-ask-password-console.service is a system service that queries the user for system passwords (such as hard disk encryption keys and
       SSL certificate passphrases) on the console. It is intended to be used during boot to ensure proper handling of passwords necessary for
       boot.  systemd-ask-password-wall.service is a system service that informs all logged in users for system passwords via wall(1). It is
       intended to be used after boot to ensure that users are properly notified.

       See the developer documentation[1] for more information about the system password logic.

       Note that these services invoke systemd-tty-ask-password-agent(1) with either the --watch --console or --watch --wall command line
       parameters.

SEE ALSO

       systemd(1), systemd-tty-ask-password-agent(1), wall(1)

NOTES

	1. developer documentation
	   https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents

systemd 237												   SYSTEMD-ASK-PASSWORD-CONSOLE.SERVICE(8)