pyth0n3 Posted September 5, 2010 Report Share Posted September 5, 2010 (edited) In sistemele operative Ubuntu based de default o password poate fi de 6 caractere .Pt a schimba passwordul un user poate folosi comandul passwd care va controla anumite criterii in /etc/pam.d/common-password si in baza acestor criterii passswordul va fi schimbat Cum am mai zis de default va trebui s? fie de cel pu?in 6 caractereAnumite module pot fi introduse in /etc/pam.d/common-password pt a schimba regulile in care vine creata o passwordIn /etc/pam.d/common-password de default ar trebui sa fie o regula de tipul:password [success=1 default=ignore] pam_unix.so obscure use_authtok retry=3 min=10 try_first_pass sha512In acest caz este folosit ca modul pam_unix.so try_first_pass -> inseamna ca atunci cand userul isi va schimba parola i se va cere intai vechea parola sha512 -> este algoritmul folosit pt a cripta password-urile (poate fi si MD5)obscure -> parola va fi testata inainte cat este de complicata (in acest caz va fi pusa in confront cu anumite reguli a acestei opziuni ): Palindrome Verifies that the new password is not a palindrome of (i.e., the reverse of) the previous one. Case Change Only Verifies that the new password isn´t the same as the old one with a change of case. Similar Verifies that the new password isn´t too much like the previous one. Simple Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc.) used. Rotated Is the new password a rotated version of the old password? (E.g., "billy" and "illyb")retry -> de cate ori userul poate gresi , daca valoarea este 3 , dupa ce va pune parola de 3 ori gresit programul se va inchidemin -> aici se poate specifica cate caractere poate avea passwordul (default 6)Aici este o problema pe care am gasit-o in sistemele Ubuntu , am folosit ubuntu 8 si Ubuntu 10 pt a face testeOrice valoare va fi specificata nu va schimba nimic deoarece va ramane valoarea de default (6)Aveti si voi asemenea probleme? Cineva a a pus ca un BUG aceasta problema mai demult dar nu cred ca sa rezolvat https://bugs.launchpad.net/ubuntu/+source/pam/+bug/139999Am mai incercat sa incarc un alt modul in PAM pt a putea rezolva aceasta problemapassword requisite pam_cracklib.so retry=3 minlen=9 difok=1Aici va incarca modulul pam-cracklib.soO alta erroare pe care am gasito este opziunea minlen Eu credeam ca aici se poate specifica o valoare pt cate caractere va avea parola dar nu este adevarat In orice caz ar fi trebuit sa insemne minimum characters si valoarea ar fi trebuit sa specifice exact cate caractere poate avea minlen in acest caz este cu totul altceva: The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.Sa nu va confundati , nu va schimba cat de lunga trebuie sa fie parola ci cat de puternica in baza anumitor valori Cel mai bine ar fi (9)difok -> va controla in baza valorii cate caractere pot fi de acelasi fel exemplu :difok= 2aabcaadeaa -> Accept aaabaaabaaa -> Deny Daca reusiti sa schimbati valoarea minima a caracterelor pt o password in ubuntu va rog sa postati care distro ati folosit si cum ati configurat Edited September 5, 2010 by pyth0n3 Quote Link to comment Share on other sites More sharing options...
Flubber Posted September 5, 2010 Report Share Posted September 5, 2010 Nu mi-a functionat, am scris "123456789" (min = 10) si mi-a schimbat-o + ca este usoara! Nici nu m-a atentionat.Config-ul:# pam-auth-update to manage selection of other modules. See# pam-auth-update(8) for details.# here are the per-package modules (the "Primary" block)password [success=1 default=ignore] pam_unix.so obscure retry=3 min=10 try_first_pass sha512# here's the fallback if no module succeedspassword requisite pam_deny.so# prime the stack with a positive return value if there isn't one already;# this avoids us returning an error just because nothing sets a success code# since the modules above will each just jump aroundpassword required pam_permit.so# and here are more per-package modules (the "Additional" block)password optional pam_gnome_keyring.so# end of pam-auth-update configeval@eval-laptop:~$ passwdChanging password for eval.(current) UNIX password: # optiunea asta mi-a bagat-oEnter new UNIX password: # aici am scris 123456789Retype new UNIX password: # confirmat-opasswd: [B]password updated successfully[/B] # <- TADAAAAMeval@eval-laptop:~$ Apropo, ai dat pam-auth-update config? Dupa ce am dat asta mi-au functionat anumite setari.Edit: Am uitat sa specific ca rulez pe Ubuntu 10.04.1 LTS // Kernel: 2.6.32-25-generic Quote Link to comment Share on other sites More sharing options...
pyth0n3 Posted September 6, 2010 Author Report Share Posted September 6, 2010 (edited) Daca ar trebuie sa configurezi un sistem in asa fel incat password-urile trebuie sa fie cel putin 8-9 caractere nu vad o posibilitate Userul va incerca oricum una simpla de 3-4 , sistemul ii va da un error deoarece min e 6 dar in anumite cazuri cand o password ar trebui sa fie mai mare de 6 cum obligi userii sa aleaga o asemenea parola fara nici un fel de control ?Bineinteles unii vor spune da ce te intereseaza cate caractere ar trebui sa aiba o parola? sau de ce nu iti alegi o alta distro ? Edited September 6, 2010 by pyth0n3 Quote Link to comment Share on other sites More sharing options...
pyth0n3 Posted September 16, 2010 Author Report Share Posted September 16, 2010 (edited) Am g?sit o explica?ie la ceea ce am descris mai sus ,avînd in vedere faptul ca in Linux vine folosit Data Encryption Standard (DES) Acest algoritm suporta un maxim de 8 caractere In cazul in care vine specificat un num?r mai mare de 8 caractere passwordul nu va fi respins oricum dar DES va t?ia fiecare caracter in plus Deci un user cu o password de 10 caractere va face login doar cu 8 consecutive iar celelalte doua vor fi t?iateCeea ce m-ar interesa e limita la alte algoritme Spre exemplu blowfish va avea o limita de maxim 97 caractere Edited September 16, 2010 by pyth0n3 Quote Link to comment Share on other sites More sharing options...