Archive for the tag 'Passwords'

Limits in Parallels Plesk Panel for usernames/passwords

User names and passwords in Parallels Plesk Panel are case sensitive. The following limits for user and password length exist:

For Unix/Linux Systems.

Parallels Plesk Panel user name length 1…20
Parallels Plesk Panel user password length 5…14
System user name length 1…16
System user password length 5…255
SBDavid

Forcing Strong Passwords

Forcing Strong Passwords

To protect the network from intrusion it is a good idea for system administrators to verify that the passwords used within an organization are strong ones. When users are asked to create or change passwords, they can use the command line application passwd, which is Pluggable Au-thentication Manager (PAM) aware and therefore checks to see if the password is easy to crack
or too short in length via the pam_cracklib.so PAM module. Since PAM is customizable, it is possible to add further password integrity checkers, such as pam_passwdqc (available from ht-tp://www.openwall.com/passwdqc/) or to write a new module. For a list of available PAM mod-ules, refer to http://www.kernel.org/pub/linux/libs/pam/modules.html.

There are many password cracking programs that run under Red Hat Enterprise Linux although none ship with the operating system. Below is a brief list of some of the more popular password cracking programs:

John The Ripper — A fast and flexible password cracking program. It allows the use of mul- tiple word lists and is capable of brute-force password cracking. It is available online at ht- tp://www.openwall.com/john/.

Crack — Perhaps the most well known password cracking software, Crack is also very fast, though not as easy to use as John The Ripper. It can be found online at ht- tp://www.crypticide.com/users/alecm/.

Slurpie — Slurpie is similar to John The Ripper and Crack, but it is designed to run on multiple computers simultaneously, creating a distributed password cracking attack. It can be found along with a number of other distributed attack security evaluation tools online at ht- tp://www.ussrback.com/distributed.htm.

The -M option of the chage command specifies the maximum number of days the password is valid. So, for instance, to set a user’s password to expire in 90 days, type the following com-mand:

chage -M 90 username

Password Protecting GRUB Using Boot Loader Passwords

GRUB can be configured by adding a password directive to its configuration file. To do this, first decide on a password, then open a shell prompt, log in as root, and type:

/sbin/grub-md5-crypt

When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.

Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:

password –md5

Replace with the value returned by /sbin/grub-md5-crypt

The next time the system boots, the GRUB menu does not allow access to the editor or com-mand interface without first pressing p followed by the GRUB password.

prevent an attacker from booting into a non-secure operat-ing system in a dual-boot environment. For this, a different part of the /boot/grub/grub.conf file must be edited.

Look for the title line of the non-secure operating system and add a line that says lock directly beneath it.

For a DOS system, the stanza should begin similar to the following:

title DOS lock

To create a different password for a particular kernel or operating system, add a lock line to the stanza, followed by a password line.

Each stanza protected with a unique password should begin with lines similar to the following example:

title DOS lock password –md5