08-13-2019
This seems to be a bad plan from the start. Writing passwords anywhere should be avoided. Anyone who can read the code that reads the password can probably just read the password for themselves.
A few questions:-
- Why would your application need to know the password? Does it become the account for certain actions?
- Could you not set up sudo access to allow people to become the account when they need to? This is auditable too.
- Is this a database account or something? You may be able to define it as authorised externally to the database, i.e. the DB trusts the OS validation.
- How would you use the password anyway?
It just seems a bad plan to me (sorry) and we may be able to find a better way that maybe even negates the need to have it changed regularly (i.e. locked for password login entirely) so saving the Access Management team a task too.
I'm just confused and want to avoid building a service with exposures.
Robin
lchage(1) General Commands Manual lchage(1)
NAME
lchage - Display or change user password policy
SYNOPSIS
lchage [OPTION]... user
DESCRIPTION
Displays or allows changing password policy of user.
OPTIONS
-d, --date=days
Set the date of last password change to days after Jan 1 1970.
Set days to -1 to disable password expiration (i.e. to ignore --mindays, --maxdays and related settings).
Set days to 0 to enforce password change on next login. (This also disables password expiration until the password is changed.)
-E, --expire=days
Set the account expiration date to days after Jan 1 1970. Set days to -1 to disable account expiration.
-i, --interactive
Ask all questions when connecting to the user database, even if default answers are set up in libuser configuration.
-I, --inactive=days
Disable the account after days after password expires (after the user is required to change the password). Set days to -1 to keep the account enabled indefinitely after password expiration.
-l, --list
Only list current user's policy and make no changes.
-m, --mindays=days
Require at least days days between password changes. Set days to 0 or -1 to disable this requirement.
If this value is larger than the value set by --maxdays, the user cannot change the password.
-M, --maxdays=days
Require changing the password after days since last password change. Set days to -1 to disable password expiration.
-W, --warndays=days
Start warning the user days before password expires (before the user is required to change the password). Set days to 0 or -1 to disable the warning.
EXIT STATUS
The exit status is 0 on success, nonzero on error.
NOTES
Note that "account expiration" (set by --expire) is distinct from "password expiration" (set by --maxdays). Account expiration happens on a fixed date regardless of password changes. Password expiration is relative to the date of last password change.
libuser Nov 8 2012 lchage(1)
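
The day counts that --date and --expire take are easy to get wrong by hand, so the following added example (not part of the man page or the forum post) converts dates to and from "days after Jan 1 1970", works out when a password expires, and prints an lchage command line for review instead of running it. It assumes GNU date as shipped on CentOS; the account name svc_app and all dates are constructed sample values.

```bash
#!/bin/sh
# Added example (not from the lchage man page). Assumes GNU date, as on CentOS.
# "svc_app" and all dates below are constructed sample values.

# YYYY-MM-DD (UTC) -> days after Jan 1 1970, the unit --date and --expire take.
days_since_epoch() {
    secs=$(date -u -d "$1 00:00:00" +%s) || return 1
    echo $(( secs / 86400 ))
}

# Inverse: a day count back to a calendar date, for reading policy values.
day_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d
}

# Password expiration is relative: last change + maxdays.
# Last change 0 means "change at next login"; -1 in either field disables it.
# Args: last-change-day maxdays
password_expiry_day() {
    if [ "$1" -eq 0 ]; then echo change-at-next-login; return 0; fi
    if [ "$1" -eq -1 ] || [ "$2" -eq -1 ]; then echo never; return 0; fi
    echo $(( $1 + $2 ))
}

# Print (do not run) an lchage command line for review.
# Args: user account-expiry-date maxdays mindays warndays
lchage_cmd() {
    # mindays larger than maxdays leaves the user unable to change the password.
    # Treating maxdays=-1 as "no upper bound" is this example's assumption.
    if [ "$3" -ne -1 ] && [ "$4" -gt "$3" ]; then
        echo "refusing: mindays $4 > maxdays $3" >&2
        return 1
    fi
    expire=$(days_since_epoch "$2") || return 1
    echo "lchage --expire=$expire --maxdays=$3 --mindays=$4 --warndays=$5 $1"
}

# Stand-alone demonstration with constructed values.
last=$(days_since_epoch 2019-08-13)
echo "last change day:  $last"
echo "password expires: $(day_to_date "$(password_expiry_day "$last" 90)")"
lchage_cmd svc_app 2020-01-01 90 1 7
```

The account expiry passed to --expire stays fixed at the given date, while the password expiry printed above moves every time the password is changed.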