sxetika me to PAM...

Tasos Kotaras akota at intranet.gr
Thu Jun 21 09:54:01 EEST 2001


Tassos Bassoukos wrote:

> On Wed, 20 Jun 2001, Tasos Kotaras wrote:
>
> > Pws einai dynaton na apenergopoihsei kaneis toys elegxoys poy kanei to
> > PAM otan trexw thn entolh passwd? Gia kapoion logo, 8elw na mporw na
> > dinw apla passwords, eite mikra se mhkos eite le3eis biblio8hkhs. An
> > balw se sxolia ta periexomena toy /etc/pam.d/passwd, tote to passwd den
> > paizei ka8oloy... Enw me to PAM energopoihmeno, den mporw na meiwsw thn
> > aysthrothta toy pera apo ena orio.
> >
> > Exei kaneis kammian idea gia to ti prepei na kanw;
> >
> > Tasos
>
> Maloon exeis mia grammh san :
> password   required   pam_unix.so nullok obscure min=4 max=8 md5
>

E loipon oxi! Na ti exw sto /etc/pam.d/passwd:

auth       required /lib/security/pam_pwdb.so shadow nullok
account    required /lib/security/pam_pwdb.so
password   required /lib/security/pam_cracklib.so retry=3 type=LINUX
#password   required /lib/security/pam_cracklib.so retry=3 minlen=6 difok=1 dcredit=2

password   required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow

>
> Aplws bgale to obscure, kai bale min=0 ....

To ekana kai ayto, alla pali pairnw diafora "BAD_PASSWORD..." mhnymata. Sthn trith
prospa8eia skaei (opws anamenetai allwste), alla moy petaei ena mhnyma poy me bazei
se skepseis:
"authentication token manipulation error"
Exei na kanei se tipota me ton kerbero; (Se ayto to 8ema eimai asxetos...)

>
> Oh, kai ean exeis cracklib, bgale to kai ayto.

An loipon prospa8hsw na bgalw thn 3h grammh (ayth me to cracklib), tote ginontai ta
e3hs:

prompt> passwd
(current) UNIX password: *****
passwd: authentication information cannot be recovered

Telos pantwn, o Giwrgos o Keramidas, kala kanei kai moy "thn mpainei" etsi gia to
8ema toy security, alla eipa na ri3w ligo nero sto krasi moy gia dyo logoys:
a) o sygkekrimenos server exei poly periorismenh embeleia - kai epipleon den
"bgainei" sto internet kai
b) exoyme ena UNIX diktyo sto opoio 8a h8ela na exoyme prosbash mesw toy NIS. OK,
ayto doyleyei swsta genika, alla osoi eixan diale3ei eykola passwords sto UNIX diktyo
(allos admin ekei), den mporoyn na dhmioyrghsoyn to idio password ston linux server
poy esthsa egw... 8a moy peite bebaia na balw toys xrhstes na alla3oyn ta passwords
sto UNIX, alla telos pantwn, to exw parei kai ligo ...peismatika to 8ema!

Pantws, eyxaristw gia tis apanthseis

Tasos

       `\|||/
       (@@)
  ooO_(_)_Ooo________________________________
  _____|_____|_____|_____|_____|_____|_____|_____|
_____|__________|_____|_____|____|_____|____|_____
|________Tasos Kotaras___|_____|____|_____|_____|
___|______Electrical Engineer_____|____|______|___
|_______|___INTRACOM___|_____|______|______|____
_____|______|____Access Network & Wireless ___|
_|______|______|_Communications Dept._|____|
_____|_____|_____Peania 19002, Greece____|___
|___e-mail: akota at intranet.gr___|___|______|____|
_____Phone: +30 1 6690185______|_______|______





More information about the Linux-greek-users mailing list