Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Password rules not effective
Special Forums Cybersecurity Password rules not effective Post 302730359 by DGPickett on Monday 12th of November 2012 05:03:32 PM
Old 11-12-2012
With all the languages of the world, dictionary tests are bad. Some sort of checksum history can keep them off the last N passwords. Make a rule that every password has to have both upper and lower case, a number and a special, with no more than 3 of anything in a row, so Hello1! amd HELLo1! are not legal, but heLLo1! is OK. The breaks up phone numbers, anniversaries (the most popular?), words, names, etc.
 

7 More Discussions You Might Find Interesting

1. Cybersecurity

Changing effective user

I would like to give execution rights for a script to one user. (that's the easy part...) When that user is running the script, I would like the effective user ID to be that of the file-owner. Is this possible? (6 Replies)
Discussion started by: hilmel
6 Replies

2. UNIX for Dummies Questions & Answers

Variables for Effective Username?

Hey all, I'm glad to have found this forum as I'm trying to dive head first into Solaris 8 - been working with it for a few months now and am finally getting a bit comfortable with the layout and concepts. In any case, on to the questions... :D I was wondering how I would go about displaying... (3 Replies)
Discussion started by: QuadMonk
3 Replies

3. UNIX for Dummies Questions & Answers

most effective search ?

what's the most efficient and effective search for a file in a dir ? I see many guys use this # find - print or something as such ? and sometimes pipe it to something else ? Is there a better way of using "grep" in all of this ? thanks simon2000 (3 Replies)
Discussion started by: simon2000
3 Replies

4. UNIX for Dummies Questions & Answers

Changing the Effective Group ID

Here is my situation. On a RedHat 7.3 box, I have a user named jody. When I log in with jody and type in "id", I get the expected output: uid=1(jody) gid=1(jody) groups=1(jody), 510(test) However, I cannot figure which "id" option allows me to change the effective gid. I tried the options... (2 Replies)
Discussion started by: Jody
2 Replies

5. UNIX for Dummies Questions & Answers

Server wide password enforcement rules? 90 day force change.

Using Solaris 9 and 10. What we want to do is set up global rules for our password files to restrict all users, not only new ones set up with the rules but also the ones that have been sitting on the system for years. Is there a global way to force all users to change their password every 90... (1 Reply)
Discussion started by: LordJezo
1 Replies

6. UNIX for Dummies Questions & Answers

rules for new password?

What are the rules for choosing a new password when the old one expires? I notice when I try to use a password that is similar to my previous one then it won't take it. Got me wondering what the exact rules are- as in, how different does it have to be from previous passwords. (1 Reply)
Discussion started by: zTodd
1 Replies

7. UNIX for Dummies Questions & Answers

Real and Effective IDs

Can anyone explain me in details of Real and Effective IDs (6 Replies)
Discussion started by: kkalyan
6 Replies

LEARN ABOUT CENTOS

rlm_pap

rlm_pap(5)							 FreeRADIUS Module							rlm_pap(5)

NAME

       rlm_pap - FreeRADIUS Module

DESCRIPTION

       The  rlm_pap  module  authenticates RADIUS Access-Request packets that contain a User-Password attribute.  The module should also be listed
       last in the authorize section, so that it can set the Auth-Type attribute as appropriate.

       When a RADIUS packet contains a clear-text password in the form of a User-Password attribute, the rlm_pap module may be used for  authenti-
       cation.	The module requires a "known good" password, which it uses to validate the password given in the RADIUS packet.  That "known good"
       password must be supplied by another module (e.g. rlm_files, rlm_ldap, etc.), and is usually taken from a database.

CONFIGURATION

       The only relevant configuration item is:

       auto_header
	      If set to "yes", the module will look inside of the User-Password attribute for the headers {crypt}, {clear}, etc., and  will  auto-
	      matically create the appropriate attribute, with the correct value.

       This module understands many kinds of password hashing methods, as given by the following table.

       Header	    Attribute	       Description
       ------	    ---------	       -----------
       {clear}	    Cleartext-Password clear-text passwords
       {cleartext}  Cleartext-Password clear-text passwords
       {crypt}	    Crypt-Password     Unix-style "crypt"ed passwords
       {md5}	    MD5-Password       MD5 hashed passwords
       {smd5}	    SMD5-Password      MD5 hashed passwords, with a salt
       {sha}	    SHA-Password       SHA1 hashed passwords
       {ssha}	    SSHA-Password      SHA1 hashed passwords, with a salt
       {nt}	    NT-Password        Windows NT hashed passwords
       {x-nthash}   NT-Password        Windows NT hashed passwords
       {lm}	    LM-Password        Windows Lan Manager (LM) passwords.

       The  module  tries  to  be  flexible  when  handling  the various password formats.  It will automatically handle Base-64 encoded data, hex
       strings, and binary data, and convert them to a format that the server can use.

       It is important to understand the difference between the User-Password and Cleartext-Password attributes.  The Cleartext-Password attribute
       is  the "known good" password for the user.  Simply supplying the Cleartext-Password to the server will result in most authentication meth-
       ods working.  The User-Password attribute is the password as typed in by the user on their private machine.  The two are not the same,  and
       should  be  treated  very differently.  That is, you should generally not use the User-Password attribute anywhere in the RADIUS configura-
       tion.

       For backwards compatibility, there are old configuration parameters which may be work, although we do not recommend using them.

SECTIONS

       authorize authenticate

FILES

       /etc/raddb/radiusd.conf

SEE ALSO

       radiusd(8), radiusd.conf(5)

AUTHOR

       Alan DeKok <aland@freeradius.org>

								    6 June 2008 							rlm_pap(5)
All times are GMT -4. The time now is 08:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy