I created a new site called http://www.goodpassword.com to help users and adminstrators create good, random passwords. It also includes .htaccess encryption.
I'd be interested in feedback ie errors, improvements, additions etc.
Hi @all,
I try to connect 2 LANs with IPSec/Openswan
LAN 1: 192.168.0.0/24
LAN 2: 192.168.1.0/24
This is my Config:
conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Q: "Does Cisco 1921 router support,, act as an endpoint for, site to site VPNs using IPSec? If so, how many? "
A: If you get the Cisco 1921/k9 with the security services bundle then it will have built in security features. Cisco, typically includes IP Sec tunnels I believe as part of that... (0 Replies)
Hi,
I am trying to establish vpn between my linux server and cisco asa at client side.
I installed openswan on my cent os.
Linux Server
eth0 - 182.2.29.10
Gateway - 182.2.29.1
eth1 - 192.9.200.75
I have simple IPtables Like
WAN="eth0"
LAN="eth1" (0 Replies)
Hi,
I am using Solaris 10 OS and Bash shell.Is there any way can we automate User creation and setting passwords through a script or any freeware tool.
Advance thanks for your response. (1 Reply)
I'm trying to use lynx --dump to keep an eye on updates for a website.
The site needs a username and password and I can't find a way to log in using lynx --dump
Any ideas??
Thanks in advance! (12 Replies)
Setup a site to site VPN between two cisco routers.
One of the site locations is unable to access ports such as https://example.com:9001
How do I let them go into port 9001?
They can ssh, ftp, telnet and everything else.
Is this a VPN issue or ACL access issue?
I put
permit ip host... (0 Replies)
Hiya All,
How can I test my PERL Scripts whilst making my web site?
I'm hoping there is some software out there that emulates a Web Server - without all the hassle of my building/setting up a Web Server from Stratch (Never done anything like that before - my next big project! 8) )
... (7 Replies)
hi,
i am VERY new to UNIX. just wanted some help on a feedback form that i have hosted on a unix server. the feedback form is in asp and doesnt work on unix. any other language to get it working ?? HELP !!! (3 Replies)
Hi all,
Would like to get some feedback on a scrip that I've finished writing at home for work.
Any constructive feedback from operations used to legibility, etc. would be appreciated - anything at all. It's my first real script that will be running on a clients server.
The script is... (2 Replies)
DACS_PASSWD(8) DACS Web Services Manual DACS_PASSWD(8)NAME
dacs_passwd - manage private DACS passwords
SYNOPSIS
dacs_passwd [dacsoptions[1]]
DESCRIPTION
This program is part of the DACS suite.
The dacs_passwd web service is used to manage usernames and passwords recognized by local_passwd_authenticate[2], a DACS authentication
module. This utility serves a similar purpose for local_passwd_authenticate that Apache's htpasswd(1)[3] command does for its mod_auth[4]
and mod_auth_dbm[5] modules. These accounts and passwords are used only by local_passwd_authenticate and are completely separate from any
other accounts and passwords.
Note
Much of the functionality of this program is also available as a DACS utility, dacspasswd(1)[6], which operates on the same password
files. Because dacs_admin(8)[7] provides the same functionality and more, dacs_passwd may be removed in a future release.
Security
The default DACS ACL restricts use of this web service to a DACS administrator and to users who are setting the password for their own
DACS account at the receiving jurisdiction. Administrators should ensure that the ACL for dacs_passwd is correct for their environment.
OPTIONS
Web Service Arguments
In addition to the standard CGI arguments[8], dacs_passwd understands the following CGI arguments:
OPERATION
The following operations are supported:
o ADD
Like SET but add or replace an entry for USERNAME.
o DELETE
Delete the account for USERNAME.
o DISABLE
Disable the account for USERNAME.
o ENABLE
Enable the account for USERNAME.
o LIST
List USERNAME, if it exists, otherwise all usernames. A disabled account is indicated by a '*' (which is not a valid character in a
username).
o SET
Sets or resets a DACS password for USERNAME to NEW_PASSWORD. The CONFIRM_NEW_PASSWORD argument must also be given and be identical
to NEW_PASSWORD. Unless the operation is performed by a DACS administrator (i.e., an ADMIN_IDENTITY[9]) or disabled by the
PASSWORD_OPS_NEED_PASSWORD[10] directive, the current password for USERNAME must be given as PASSWORD.
Security
For users other than a DACS administrator, a password must meet certain requirements on its length and the character set from
which it is comprised. Note that these requirements are only significant at the time a password is set or changed; existing
passwords are unaffected by changes to the configuration directives. Please refer to the PASSWORD_CONSTRAINTS[11] directive.
Users should be made aware of security issues related to passwords, including better techniques for selecting passwords and
keeping them private.
How to choose better passwords
Users might consider adopting a method such as the one described in this proposal[12]. It suggests that users construct
site-specific passwords from three components:
1. a short, random string (a secret PIN) that will be common to all of the user's passwords;
2. a string derived from a site's domain name using some simple and easy-to-remember procedure (e.g., using the first four
letters or consonents); and
3. a short, site-specific random string (this component is different for each of a user's passwords).
The PIN, is memorized by the user. The other two components may be written down but must be kept in a relatively secure
location (such as in the user's wallet or in a desk drawer). The user forms his or her passwords by combining these three
components in any order that is easy to remember.
For the site www.example.net, a user might select the password "examRB8s#i8", where "exam" is derived from the site's domain
name (component 2), "RB8s" is a random string used with this password only (component 3), and "#i8" is the user's secret PIN
(component 1). Because it is probably difficult to remember, the user might create a note with "examRB8s" written on it
(components 2 and 3), but not the PIN.
For the site dacs.dss.ca, the same user might select the password "dssceIM#i8".
Since most people are not very good at it, the site-specific random string (and, ideally, the PIN as well) should be chosen
using a good-quality random generator, such as the random()[13] function:
% dacsexpr -e "random(string, 4, 'a-zA-Z0-9,./;@#')"
"y2FJ"
In addition to being difficult to guess because of their random components and reasonably large character set, these passwords
are different for each site; should one password be compromised, the others are not immediately available to an attacker.
Similarly, the written strings cannot be immediately exploited if they are stolen or copied. The strength of the method can be
increased by making the PIN longer, or chosen from a larger space of characters.
ACCOUNT
Either PASSWD (the default) or SIMPLE, case insensitively, to select between the item types passwds and simple, respectively. The
requested item type must be configured (see dacs.conf(5)[14]).
USERNAME
The DACS username of interest.
FORMAT
By default, output is emitted in HTML. Several varieties of XML output can be selected, however, using the FORMAT argument (please
refer to dacs(1)[15] and dacs_passwd.dtd[16]).
DIAGNOSTICS
The program exits 0 if everything was fine, 1 if an error occurred.
SEE ALSO dacspasswd(1)[6], dacs.conf(5)[17]
AUTHOR
Distributed Systems Software (www.dss.ca[18])
COPYING
Copyright2003-2012 Distributed Systems Software. See the LICENSE[19] file that accompanies the distribution for licensing information.
NOTES
1. dacsoptions
http://dacs.dss.ca/man/dacs.1.html#dacsoptions
2. local_passwd_authenticate
http://dacs.dss.ca/man/dacs_authenticate.8.html#local_passwd_authenticate
3. htpasswd(1)
http://httpd.apache.org/docs/2.2/programs/htpasswd.html
4. mod_auth
http://httpd.apache.org/docs-2.2/mod/mod_auth.html
5. mod_auth_dbm
http://httpd.apache.org/docs-2.2/mod/mod_auth_dbm.html
6. dacspasswd(1)
http://dacs.dss.ca/man/dacspasswd.1.html
7. dacs_admin(8)
http://dacs.dss.ca/man/dacs_admin.8.html
8. standard CGI arguments
http://dacs.dss.ca/man/dacs.services.8.html#standard_cgi_args
9. ADMIN_IDENTITY
http://dacs.dss.ca/man/dacs.conf.5.html#ADMIN_IDENTITY
10. PASSWORD_OPS_NEED_PASSWORD
http://dacs.dss.ca/man/dacs.conf.5.html#PASSWORD_OPS_NEED_PASSWORD
11. PASSWORD_CONSTRAINTS
http://dacs.dss.ca/man/dacs.conf.5.html#PASSWORD_CONSTRAINTS
12. this proposal
http://www.f-secure.com/weblog/archives/00001691.html
13. random()
http://dacs.dss.ca/man/dacs.exprs.5.html#random
14. dacs.conf(5)
http://dacs.dss.ca/man/dacs.conf.5.html#VFS
15. dacs(1)
http://dacs.dss.ca/man/dacs.1.html
16. dacs_passwd.dtd
http://dacs.dss.ca/man/../dtd-xsd/dacs_passwd.dtd
17. dacs.conf(5)
http://dacs.dss.ca/man/dacs.conf.5.html
18. www.dss.ca
http://www.dss.ca
19. LICENSE
http://dacs.dss.ca/man/../misc/LICENSE
DACS 1.4.27b 10/22/2012 DACS_PASSWD(8)