Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Force short password
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
kamagurka
Veteran
Veteran


Joined: 25 Jan 2004
Posts: 1026
Location: /germany/munich

PostPosted: Thu Feb 23, 2006 12:00 pm    Post subject: Force short password Reply with quote

I'm trying to change the password for my normal user, but the password I want is rejected as "too short". How can I set it anyway?
_________________
If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word
Back to top
View user's profile Send private message
frenkel
Veteran
Veteran


Joined: 13 May 2003
Posts: 1034
Location: .nl

PostPosted: Thu Feb 23, 2006 12:10 pm    Post subject: Reply with quote

You might create the hash yourself using something like openssl and insert it in /etc/shadow
Back to top
View user's profile Send private message
kamagurka
Veteran
Veteran


Joined: 25 Jan 2004
Posts: 1026
Location: /germany/munich

PostPosted: Thu Feb 23, 2006 12:14 pm    Post subject: Reply with quote

You lost me at "hash" XD
No, seriously, you're telling me my box is of the persuasion "short passwords are the spawn of satan" and I can't reasonably set the password I want? When did this happen? I remember a couple of months ago I got a warning that my pw wasn't secure, but I could set it anyway if I wanted.
_________________
If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word
Back to top
View user's profile Send private message
think4urs11
Bodhisattva
Bodhisattva


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud

PostPosted: Thu Feb 23, 2006 12:23 pm    Post subject: Reply with quote

set the password for the user as root.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
Back to top
View user's profile Send private message
ghutzl
Tux's lil' helper
Tux's lil' helper


Joined: 29 May 2005
Posts: 123
Location: Germany

PostPosted: Thu Feb 23, 2006 1:01 pm    Post subject: Reply with quote

You can set the password rules in the config files you can find in the directory /etc/pam.d . But I have to warn you: I managed to lock my userID by doing wrong settings there! I could unlock it by reversing the changes, but I didn't have backup files, so I had to do it the hard way. So it is key to remember exactly whan you changed in order to be able to reverse the changes if something fails. I recommend you make backup copies of all files you change there.

Here is my /etc/pam.d/system-auth:
Quote:
#%PAM-1.0

auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so

account required pam_unix.so

###########################################
password required pam_cracklib.so difok=2 minlen=8 retry=3
###########################################
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so


Look for the line I highlighted by "###...". There you see some parameters after pam_cracklib.so. One of them is "minlen=8" This means the minimum password length is 8. Check if you have set that value and change it to whatever you like. But remember that short passwords are easily cracked by brute force attacks. That is the reason why a minimum length is sometimes required.
Back to top
View user's profile Send private message
cwest
n00b
n00b


Joined: 13 Jun 2005
Posts: 72
Location: Oslo, Norway

PostPosted: Thu Feb 23, 2006 1:12 pm    Post subject: Reply with quote

Best solution if you really want a short password, but don't want to risk messing up your box:
Think4UrS11 wrote:
set the password for the user as root.


Code:
su
passwd username

Where "username" is the username you want to change the password of.

Do NOT change the password into something easily crackable if you are exposing yourself through SSH - it WILL someday prove fatal ;)
_________________
freelight wrote:
Any society that can be destroyed by the free flow of information probably should be.
Back to top
View user's profile Send private message
kamagurka
Veteran
Veteran


Joined: 25 Jan 2004
Posts: 1026
Location: /germany/munich

PostPosted: Thu Feb 23, 2006 5:08 pm    Post subject: Reply with quote

Cool, thanks. Didn't think of setting it as root. Actually makes a lot of sense, securitywise.
Is there a way to have different passwords for ssh and local logins? That would really rock.
_________________
If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word
Back to top
View user's profile Send private message
Gatta
n00b
n00b


Joined: 28 Mar 2004
Posts: 53

PostPosted: Thu Feb 23, 2006 5:16 pm    Post subject: Reply with quote

kamagurka wrote:
Cool, thanks. Didn't think of setting it as root. Actually makes a lot of sense, securitywise.
Is there a way to have different passwords for ssh and local logins? That would really rock.


Not that I know of, but an adequate solution might be to have a short password, disable SSH password login, and use a key (maybe on a USB stick).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum