Archive for the tag 'password'

SBDavid

Reset a lost MySQL root password

MySQL - reset a lost MySQL root password

The MySQL root password allows full access to the MySQL database and allows for all actions to be undertaken including creating new users, new databases, setting access rules and so on.

The first thing to do is stop MySQL.

sudo /etc/init.d/mysql stop

Now start mysql in safe mode.

Next we need to start MySQL in safe mode - that is to say, we will start MySQL but skip the user privileges table.

sudo mysqld_safe –skip-grant-tables &

*ampersand (&) at the end of the command is required.

Login

mysql -u root

Next, instruct MySQL which database to use:

use mysql;

Reset password
Enter the new password for the root user as follows:

update user set password=PASSWORD(”mynewpassword”) where User=’root’;

and finally, flush the privileges and then stop and start mysql.

flush privileges;

How can I change/repair my Admin account if the password in Plesk?

Unable to connect to database
login.php3: Unable to connect to database: Permission denied
ERROR 1045: Access denied for user: ‘admin@localhost’ (Using password: YES)

First try to restart Parallels Plesk Panel:

# /etc/init.d/psa restart

Check that the /etc/psa/.psa.shadow file has valid permissions. The right permissions would be

# ls -la /etc/psa/.psa.shadow
-rw——- 1 psaadm psaadm 5 Feb 26 11:22 /etc/psa/.psa.shadow

In case you have any other permission, you should change it using the following command:

# chown psaadm:psaadm /etc/psa/.psa.shadow
# chmod 600 /etc/psa/.psa.shadow

Check that Mysql server is running and working properly using the “ps ax | grep mysql” command. For example:

# ps ax | grep mysql

To check that Mysql server is running fine, try to access to the mysql console. For example:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa

In the newest versions of Parallels Plesk Panel, the password can be restored using the “ch_admin_passwd” utility.

# /usr/local/psa/admin/sbin/ch_admin_passwd –help

To change the password, use a command like the following one:

# export PSA_PASSWORD=’NEW_PASSWORD’ ; /usr/local/psa/admin/sbin/ch_admin_passwd; unset PSA_PASSWORD

Load MySQL with ’skip-grant-tables’ option, adding skip-grant-tables to the [mysqld] section of /etc/my.cnf file

Restart MySQL with the following command prompt:

# /etc/init.d/mysqld restart

Add the new password to the /etc/psa/.psa.shadow file.

Repair the password using the following command prompt:

# /usr/bin/mysql -D mysql -e”update user set password=PASSWORD(’`cat /etc/psa/.psa.shadow`’) where User=’admin’;”

Delete skip-grant-tables option from /etc/my.cnf

Restart MySQL.

Reference: http://parallels.com/

Hotfix for characters allowed as password in protected directory section

Only 20 characters allowed as password in protected directory section.

For RHEL4:

http://download.swsoft.com/ensim/download/pro/linux/10.0.0/hotfix/19/rhel4/epl-apache-10.0.0-31.rhel.4ES.i386.rpm

Installation Procedure:

Get the RPMs from the locations mentioned above.

2. Upgrade the RPMs.

For RHEL4ES:

rpm -Uvh epl-apache-10.0.0-31.rhel.4ES.i386.rpm

3. service epld restart.

Linux Password Security with pam_cracklib

Standard Unix reusable passwords are not really a good authentication system. In an effort to address this shortcoming, the PAM module pam_cracklib was developed for Linux systems.

Enabling pam_cracklib

The pam_cracklib module is enabled via the system’s standard PAM configuration interface. On Debian systems, this is the /etc/pam.d/common-password file (but it’s /etc/pam.d/system-auth on RedHat-derived systems.

The typical configuration looks something like this:

For debian:

password required pam_cracklib.so retry=3 minlen=12 difok=4
password required pam_unix.so md5 remember=12 use_authtok

For Redhat:

To setup these password restrictions, edit the /etc/pam.d/system-auth file and add/change the following pam_cracklib arguments highlighted in blue:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
SBDavid

Enabling Password Aging

Enabling Password Aging

The following example shows how password expiration can be setup for individual user accounts.

The following files and parameters in the table are used when a new account is created with the useradd command. These settings are recorded for each user account in the /etc/shadow file.

Therefore, make sure to configure the following parameters before you create any user accounts using the useradd command:

$ cat login.defs |grep PASS_

# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#PASS_MIN_LEN
#PASS_MAX_LEN

Also check - /etc/default/useradd

# The number of days after a password expires until the account
# is permanently disabled
# INACTIVE=-1
#
# The default expire date
# EXPIRE=

When a user account is created using the useradd command, the parameters listed in the above table are recorded in the /etc/shadow file in the following fields

[username]:[password]:[date]:PASS_MIN_DAYS:PASS_MAX_DAYS:PASS_WARN_AGE:INACTIVE:EXPIRE:

To create a new user account you can execute the following command:

useradd -c “centos” -g users test

To get password expiration information:

$ chage -l centos

Last password change : Aug 31, 2009
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

« Prev - Next »