5 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi every body!
Any one ever tried to inject the output of JASS into mysql
or know of a method or script to do this
Thk
Dan (0 Replies)
Discussion started by: Ex-Capsa
0 Replies
2. Solaris
Hi gurus,
Need you help here:
How we can implement
I have edited /etc/default/login as TIMEOUT=60
But user is not Logged out after 60 sec inactivity. How we can implement this?
e.g 3 bad passwords and the user is locked. And it is locked for certain period e.g 20 min. (1 Reply)
Discussion started by: Asteroid
1 Replies
3. Solaris
Hi all,
I have some questions for you about Solaris 9 security (if you also know the answers for Red Hat enterprise linux 3 et HP UX 11i, this would help too). I have already found many documents about general UNIX security, but some points are still obscure.
Please take time to try to help... (3 Replies)
Discussion started by: Aaclof
3 Replies
4. Solaris
Hi all,
I'm using Solaris 8 right now. Recently I've a task that needs to log down all unsuccessful login to a log for auditing purpose. What steps do I have to take to log down all login failure logs? Do I've to edit a certain file for it or done by the X-window mode?
BTW, do I have to... (2 Replies)
Discussion started by: heero
2 Replies
5. News, Links, Events and Announcements
have a look:
http://www.softpanorama.org/Solaris/Whitepaper/index.shtml#Executive_Summary
gP (4 Replies)
Discussion started by: pressy
4 Replies
LEARN ABOUT REDHAT
ckpasswd
CKPASSWD(1) InterNetNews Documentation CKPASSWD(1)
NAME
ckpasswd - nnrpd password authenticator
SYNOPSIS
ckpasswd [-s] [-d database] [-f filename]
DESCRIPTION
ckpasswd is the basic password authenticator for nnrpd, suitable for being run from an auth stanza in readers.conf(5). See readers.conf(5)
for more information on how to configure an nnrpd authenticator.
ckpasswd accepts a username and password from nnrpd and tells nnrpd(8) whether that's the correct password for that username. By default,
when given no arguments, it checks the password against the password field returned by getpwnam(3). Note that these days most systems no
longer make real passwords available via getpwnam(3) (some still do if and only if the program calling getpwnam(3) is running as root).
Note that ckpasswd expects all passwords to be stored encrypted by the system crypt(3) function and calls crypt(3) on the supplied password
before comparing it to the expected password.
OPTIONS
-d database
Read passwords from a database (ndbm or dbm format depending on what your system has) rather than by using getpwnam(3). ckpasswd
expects database.dir and database.pag to exist and to be a database keyed by username with the encrypted passwords as the values.
While INN doesn't come with a program intended specifically to create such databases, on most systems it's fairly easy to write a Perl
script to do so. Something like:
#!/usr/bin/perl
use NDBM_File;
use Fcntl;
tie (%db, 'NDBM_File', '/path/to/database', O_RDWR | O_CREAT, 0640)
or die "Cannot open /path/to/database: $!
";
$| = 1;
print "Username: ";
my $user = <STDIN>;
chomp $user;
print "Password: ";
my $passwd = <STDIN>;
chomp $passwd;
my @alphabet = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
my $salt = join '', @alphabet[rand 64, rand 64];
$db{$user} = crypt ($passwd, $salt);
untie %db;
Note that this will echo back the password when typed; there are obvious improvements that could be made to this, but it should be a
reasonable start.
This option will not be available on systems without dbm or ndbm libraries.
-f filename
Read passwords from the given file rather than using getpwnam(3). The file is expected to be formatted like a system password file, at
leat vaguely. That means each line should look something like:
username:pdIh9NCNslkq6
(and each line may have an additional colon after the encrypted password and additional data; that data will be ignored by ckpasswd).
INN does not come with a utility to create the encrypted passwords, but it's a quick job with Perl (see the example script under -d).
-s Check passwords against the result of getspnam(3) instead of getpwnam(3). This function, on those systems that supports it, reads from
/etc/shadow or similar more restricted files. If you want to check passwords supplied to nnrpd(8) against system account passwords,
you will probably have to use this option on most systems.
Most systems require special privileges to call getspnam(3), so in order to use this option you may need to make ckpasswd setgid to
some group (like group "shadow") or even setuid root. ckpasswd has not been specifically audited for such uses! It is, however, a
very small program that you should be able to check by hand for security.
This configuration is not recommended if it can be avoided, since the NNTP protocol has no way of protecting passwords from casual
interception, and using system passwords to authenticate NNTP connections therefore opens you up to the risk of password sniffing. If
you do use system passwords to authenticate connections, you should seriously consider only doing NNTP through ssh tunnels or over SSL.
EXAMPLES
See readers.conf(5) for examples of nnrpd(8) authentication configuration that uses ckpasswd to check passwords.
HISTORY
Written by Russ Allbery <rra@stanford.edu> for InterNetNews.
$Id: ckpasswd.1,v 1.1.2.1 2000/11/06 08:41:11 rra Exp $
SEE ALSO
readers.conf(5), nnrpd(8)
3rd Berkeley Distribution INN 2.3 CKPASSWD(1)