11-12-2012
With all the languages of the world, dictionary tests are bad. Some sort of checksum history can keep them off the last N passwords. Make a rule that every password has to have both upper and lower case, a number and a special, with no more than 3 of anything in a row, so Hello1! amd HELLo1! are not legal, but heLLo1! is OK. The breaks up phone numbers, anniversaries (the most popular?), words, names, etc.
7 More Discussions You Might Find Interesting
1. Cybersecurity
I would like to give execution rights for a script to one user. (that's the easy part...)
When that user is running the script, I would like the effective user ID to be that of the file-owner. Is this possible? (6 Replies)
Discussion started by: hilmel
6 Replies
2. UNIX for Dummies Questions & Answers
Hey all, I'm glad to have found this forum as I'm trying to dive head first into Solaris 8 - been working with it for a few months now and am finally getting a bit comfortable with the layout and concepts. In any case, on to the questions... :D
I was wondering how I would go about displaying... (3 Replies)
Discussion started by: QuadMonk
3 Replies
3. UNIX for Dummies Questions & Answers
what's the most efficient and effective search for a file in a dir ?
I see many guys use this
# find - print
or something as such ? and sometimes pipe it to something else ?
Is there a better way of using "grep" in all of this ?
thanks
simon2000 (3 Replies)
Discussion started by: simon2000
3 Replies
4. UNIX for Dummies Questions & Answers
Here is my situation. On a RedHat 7.3 box, I have a user named jody.
When I log in with jody and type in "id", I get the expected output:
uid=1(jody) gid=1(jody) groups=1(jody), 510(test)
However, I cannot figure which "id" option allows me to change the effective gid. I tried the options... (2 Replies)
Discussion started by: Jody
2 Replies
5. UNIX for Dummies Questions & Answers
Using Solaris 9 and 10.
What we want to do is set up global rules for our password files to restrict all users, not only new ones set up with the rules but also the ones that have been sitting on the system for years.
Is there a global way to force all users to change their password every 90... (1 Reply)
Discussion started by: LordJezo
1 Replies
6. UNIX for Dummies Questions & Answers
What are the rules for choosing a new password when the old one expires? I notice when I try to use a password that is similar to my previous one then it won't take it. Got me wondering what the exact rules are- as in, how different does it have to be from previous passwords. (1 Reply)
Discussion started by: zTodd
1 Replies
7. UNIX for Dummies Questions & Answers
Can anyone explain me in details of Real and Effective IDs (6 Replies)
Discussion started by: kkalyan
6 Replies
LEARN ABOUT CENTOS
rlm_pap
rlm_pap(5) FreeRADIUS Module rlm_pap(5)
NAME
rlm_pap - FreeRADIUS Module
DESCRIPTION
The rlm_pap module authenticates RADIUS Access-Request packets that contain a User-Password attribute. The module should also be listed
last in the authorize section, so that it can set the Auth-Type attribute as appropriate.
When a RADIUS packet contains a clear-text password in the form of a User-Password attribute, the rlm_pap module may be used for authenti-
cation. The module requires a "known good" password, which it uses to validate the password given in the RADIUS packet. That "known good"
password must be supplied by another module (e.g. rlm_files, rlm_ldap, etc.), and is usually taken from a database.
CONFIGURATION
The only relevant configuration item is:
auto_header
If set to "yes", the module will look inside of the User-Password attribute for the headers {crypt}, {clear}, etc., and will auto-
matically create the appropriate attribute, with the correct value.
This module understands many kinds of password hashing methods, as given by the following table.
Header Attribute Description
------ --------- -----------
{clear} Cleartext-Password clear-text passwords
{cleartext} Cleartext-Password clear-text passwords
{crypt} Crypt-Password Unix-style "crypt"ed passwords
{md5} MD5-Password MD5 hashed passwords
{smd5} SMD5-Password MD5 hashed passwords, with a salt
{sha} SHA-Password SHA1 hashed passwords
{ssha} SSHA-Password SHA1 hashed passwords, with a salt
{nt} NT-Password Windows NT hashed passwords
{x-nthash} NT-Password Windows NT hashed passwords
{lm} LM-Password Windows Lan Manager (LM) passwords.
The module tries to be flexible when handling the various password formats. It will automatically handle Base-64 encoded data, hex
strings, and binary data, and convert them to a format that the server can use.
It is important to understand the difference between the User-Password and Cleartext-Password attributes. The Cleartext-Password attribute
is the "known good" password for the user. Simply supplying the Cleartext-Password to the server will result in most authentication meth-
ods working. The User-Password attribute is the password as typed in by the user on their private machine. The two are not the same, and
should be treated very differently. That is, you should generally not use the User-Password attribute anywhere in the RADIUS configura-
tion.
For backwards compatibility, there are old configuration parameters which may be work, although we do not recommend using them.
SECTIONS
authorize authenticate
FILES
/etc/raddb/radiusd.conf
SEE ALSO
radiusd(8), radiusd.conf(5)
AUTHOR
Alan DeKok <aland@freeradius.org>
6 June 2008 rlm_pap(5)