View previous topic :: View next topic |
Author |
Message |
kamagurka Veteran


Joined: 25 Jan 2004 Posts: 1026 Location: /germany/munich
|
Posted: Thu Feb 23, 2006 12:00 pm Post subject: Force short password |
|
|
I'm trying to change the password for my normal user, but the password I want is rejected as "too short". How can I set it anyway? _________________ If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word |
|
Back to top |
|
 |
frenkel Veteran


Joined: 13 May 2003 Posts: 1034 Location: .nl
|
Posted: Thu Feb 23, 2006 12:10 pm Post subject: |
|
|
You might create the hash yourself using something like openssl and insert it in /etc/shadow |
|
Back to top |
|
 |
kamagurka Veteran


Joined: 25 Jan 2004 Posts: 1026 Location: /germany/munich
|
Posted: Thu Feb 23, 2006 12:14 pm Post subject: |
|
|
You lost me at "hash" XD
No, seriously, you're telling me my box is of the persuasion "short passwords are the spawn of satan" and I can't reasonably set the password I want? When did this happen? I remember a couple of months ago I got a warning that my pw wasn't secure, but I could set it anyway if I wanted. _________________ If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word |
|
Back to top |
|
 |
think4urs11 Bodhisattva


Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
|
Posted: Thu Feb 23, 2006 12:23 pm Post subject: |
|
|
set the password for the user as root. _________________ Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
|
Back to top |
|
 |
ghutzl Tux's lil' helper

Joined: 29 May 2005 Posts: 123 Location: Germany
|
Posted: Thu Feb 23, 2006 1:01 pm Post subject: |
|
|
You can set the password rules in the config files you can find in the directory /etc/pam.d . But I have to warn you: I managed to lock my userID by doing wrong settings there! I could unlock it by reversing the changes, but I didn't have backup files, so I had to do it the hard way. So it is key to remember exactly whan you changed in order to be able to reverse the changes if something fails. I recommend you make backup copies of all files you change there.
Here is my /etc/pam.d/system-auth:
Quote: | #%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
###########################################
password required pam_cracklib.so difok=2 minlen=8 retry=3
###########################################
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so |
Look for the line I highlighted by "###...". There you see some parameters after pam_cracklib.so. One of them is "minlen=8" This means the minimum password length is 8. Check if you have set that value and change it to whatever you like. But remember that short passwords are easily cracked by brute force attacks. That is the reason why a minimum length is sometimes required. |
|
Back to top |
|
 |
cwest n00b


Joined: 13 Jun 2005 Posts: 72 Location: Oslo, Norway
|
Posted: Thu Feb 23, 2006 1:12 pm Post subject: |
|
|
Best solution if you really want a short password, but don't want to risk messing up your box:
Think4UrS11 wrote: | set the password for the user as root. |
Where "username" is the username you want to change the password of.
Do NOT change the password into something easily crackable if you are exposing yourself through SSH - it WILL someday prove fatal  _________________
freelight wrote: | Any society that can be destroyed by the free flow of information probably should be. |
|
|
Back to top |
|
 |
kamagurka Veteran


Joined: 25 Jan 2004 Posts: 1026 Location: /germany/munich
|
Posted: Thu Feb 23, 2006 5:08 pm Post subject: |
|
|
Cool, thanks. Didn't think of setting it as root. Actually makes a lot of sense, securitywise.
Is there a way to have different passwords for ssh and local logins? That would really rock. _________________ If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word |
|
Back to top |
|
 |
Gatta n00b

Joined: 28 Mar 2004 Posts: 53
|
Posted: Thu Feb 23, 2006 5:16 pm Post subject: |
|
|
kamagurka wrote: | Cool, thanks. Didn't think of setting it as root. Actually makes a lot of sense, securitywise.
Is there a way to have different passwords for ssh and local logins? That would really rock. |
Not that I know of, but an adequate solution might be to have a short password, disable SSH password login, and use a key (maybe on a USB stick). |
|
Back to top |
|
 |
|