Jump to content
pyth0n3

Password Length PAM file

By pyth0n3, in Sisteme de operare si discutii hardware

Recommended Posts

pyth0n3 Newbie

pyth0n3

Posted
Posted (edited)

In sistemele operative Ubuntu based de default o password poate fi de 6 caractere .

Pt a schimba passwordul un user poate folosi comandul passwd care va controla anumite criterii in /etc/pam.d/common-password si in baza acestor criterii passswordul va fi schimbat

Cum am mai zis de default va trebui s? fie de cel pu?in 6 caractere

Anumite module pot fi introduse in /etc/pam.d/common-password pt a schimba regulile in care vine creata o password

In /etc/pam.d/common-password de default ar trebui sa fie o regula de tipul:

password        [success=1 default=ignore]      pam_unix.so obscure use_authtok retry=3 min=10  try_first_pass sha512

In acest caz este folosit ca modul pam_unix.so

try_first_pass -> inseamna ca atunci cand userul isi va schimba parola i se va cere intai vechea parola

sha512 -> este algoritmul folosit pt a cripta password-urile (poate fi si MD5)

obscure -> parola va fi testata inainte cat este de complicata (in acest caz va fi pusa in confront cu anumite reguli a acestei opziuni ):

     Palindrome
               Verifies that the new password is not a palindrome of (i.e.,
               the reverse of) the previous one.

           Case Change Only
               Verifies that the new password isn´t the same as the old one
               with a change of case.

           Similar
               Verifies that the new password isn´t too much like the previous
               one.

           Simple
               Is the new password too simple? This is based on the length of
               the password and the number of different types of characters
               (alpha, numeric, etc.) used.

           Rotated
               Is the new password a rotated version of the old password?
               (E.g., "billy" and "illyb")

retry -> de cate ori userul poate gresi , daca valoarea este 3 , dupa ce va pune parola de 3 ori gresit programul se va inchide

min -> aici se poate specifica cate caractere poate avea passwordul (default 6)

Aici este o problema pe care am gasit-o in sistemele Ubuntu , am folosit ubuntu 8 si Ubuntu 10 pt a face teste

Orice valoare va fi specificata nu va schimba nimic deoarece va ramane valoarea de default (6)

Aveti si voi asemenea probleme?

Cineva a a pus ca un BUG aceasta problema mai demult dar nu cred ca sa rezolvat

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/139999

Am mai incercat sa incarc un alt modul in PAM pt a putea rezolva aceasta problema

password        requisite                       pam_cracklib.so retry=3 minlen=9 difok=1

Aici va incarca modulul pam-cracklib.so

O alta erroare pe care am gasito este opziunea minlen

Eu credeam ca aici se poate specifica o valoare pt cate caractere va avea parola dar nu este adevarat

In orice caz ar fi trebuit sa insemne minimum characters si valoarea ar fi trebuit sa specifice exact cate caractere poate avea

minlen in acest caz este cu totul altceva:

   The minimum acceptable size for the new password (plus one if
           credits are not disabled which is the default). In addition to the
           number of characters in the new password, credit (of +1 in length)
           is given for each different kind of character (other, upper, lower
           and digit). The default for this parameter is 9 which is good for a
           old style UNIX password all of the same type of character but may
           be too low to exploit the added security of a md5 system. Note that
           there is a pair of length limits in Cracklib itself, a "way too
           short" limit of 4 which is hard coded in and a defined limit (6)
           that will be checked without reference to minlen. If you want to
           allow passwords as short as 5 characters you should not use this
           module.

Sa nu va confundati , nu va schimba cat de lunga trebuie sa fie parola ci cat de puternica in baza anumitor valori

Cel mai bine ar fi (9)

difok -> va controla in baza valorii cate caractere pot fi de acelasi fel

exemplu :

difok= 2

aabcaadeaa -> Accept

aaabaaabaaa -> Deny

Daca reusiti sa schimbati valoarea minima a caracterelor pt o password in ubuntu

va rog sa postati care distro ati folosit si cum ati configurat

Edited by pyth0n3
Link to comment
Share on other sites
Flubber Newbie

Flubber

Posted
Posted

Nu mi-a functionat, am scris "123456789" (min = 10) si mi-a schimbat-o + ca este usoara! Nici nu m-a atentionat.

Config-ul:


# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password        [success=1 default=ignore]      pam_unix.so obscure retry=3 min=10 try_first_pass sha512
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
password        optional        pam_gnome_keyring.so
# end of pam-auth-update config


eval@eval-laptop:~$ passwd
Changing password for eval.
(current) UNIX password: # optiunea asta mi-a bagat-o
Enter new UNIX password: # aici am scris 123456789
Retype new UNIX password: # confirmat-o
passwd: [B]password updated successfully[/B] # <- TADAAAAM
eval@eval-laptop:~$

Apropo, ai dat pam-auth-update config? Dupa ce am dat asta mi-au functionat anumite setari.

Edit: Am uitat sa specific ca rulez pe Ubuntu 10.04.1 LTS // Kernel: 2.6.32-25-generic

Link to comment
Share on other sites
pyth0n3 Newbie

pyth0n3

Posted
  • Author
Posted (edited)

Daca ar trebuie sa configurezi un sistem in asa fel incat password-urile trebuie sa fie cel putin 8-9 caractere nu vad o posibilitate

Userul va incerca oricum una simpla de 3-4 , sistemul ii va da un error deoarece min e 6 dar in anumite cazuri cand o password ar trebui sa fie mai mare de 6 cum obligi userii sa aleaga o asemenea parola fara nici un fel de control ?

Bineinteles unii vor spune da ce te intereseaza cate caractere ar trebui sa aiba o parola? sau de ce nu iti alegi o alta distro ?

Edited by pyth0n3
Link to comment
Share on other sites
pyth0n3 Newbie

pyth0n3

Posted
  • Author
Posted (edited)

Am g?sit o explica?ie la ceea ce am descris mai sus ,avînd in vedere faptul ca in Linux vine folosit Data Encryption Standard (DES)

Acest algoritm suporta un maxim de 8 caractere

In cazul in care vine specificat un num?r mai mare de 8 caractere passwordul nu va fi respins oricum dar DES va t?ia fiecare caracter in plus

Deci un user cu o password de 10 caractere va face login doar cu 8 consecutive iar celelalte doua vor fi t?iate

Ceea ce m-ar interesa e limita la alte algoritme

Spre exemplu blowfish va avea o limita de maxim 97 caractere

Edited by pyth0n3
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...