Search Results

Search found 11663 results on 467 pages for 'forgot password'.

Page 10/467 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • How to change password schema for Dovecot user authentication for an already existing mail server

    - by deb_lrnr
    Hello, I have an email server setup on Debian Lenny with Postfix, Dovecot, SASL and MySQL. Currently, the password scheme in my dovecot-sql.conf file is set to: CRYPT default_pass_scheme = CRYPT I would like to globally change the scheme to something stronger like SSHA, or MD5-CRYPT and re-hash all passwords with SSHA. What is the best way to do this? The Dovecot wiki mentions how passwords that don't follow the default scheme defined in dovecot-sql.conf can be prefixed with "{ssha}password", but I couldn't see anything regarding changing an already-existing scheme to a new one for all passwords that are already in the database. Thanks for your help!

    Read the article

  • tools to check password security

    - by tombull89
    Hello again. I'm after a tool to test how long a password could stand up to a hacking/cracking technique such as brute force as two passwords that are critical to a work system is one word that is in the dictionary, and another is a word in the dictionary with a capital letter and a number instead of a letter. I'd prefer it to be offline and free that you can run on a computer to see how long the password will hold out. Maybe even at the windows login prompt but I realise such programmes may be shady and erring on the side of illegal. Anybody have any suggestions?

    Read the article

  • Problem typing password when running sudo in terminal

    - by ohm-p
    I have a different problem.When first time I used ubuntu old to new in every version I can easily type password in terminal after sudo command.But now a day I can't because In terminal after sudo command in password i can't able to type any thing like char or number ,but just in password other part in terminal I can type. Now,probelm is there that it don't show password means not that in terminal password is in hide mode.Every time I type in after that it show me" sorry,try again" error message after three time wrong password means empty password it's again come into first position. For solve this problem I used old to new version of ubuntu also format it many time but same problem occured. Please help me because without terminal password I can't install anything.

    Read the article

  • using git on DOS command line asks for password - but not when using TortoiseGit or gitBash

    - by Sandy
    I would like to use the DOS command line to enter the command: git clone "git_path.git" myDir It asks me to enter a password which I would like to avoid. I usually use TortoiseGit to do all git related operations. I would like to setup cruisecontrol using ant with a custom git task. Therefore I need to perform git clone on the command line in Windows 7. But it only works using git bash and not DOS. According to other forum entries, I tried to convert the key with puttyGen and put the file id_rsa in c:/Users/myName/.ssh I also added an authorized_keys file but it still asks for a password. Any ideas? Thanks

    Read the article

  • How do I set the root password so I can use su instead of sudo?

    - by Zignd
    Warning: Directly logging in as root is like playing with fire, because one little typo is enough to lose critical data or make your system unbootable. Note that desktop environments will also function incorrectly if you login to them as root. See these questions for the reasons behind why sudo is preferred and why root-login is disabled by default: What are the benefits of sudo over su? Why is there no option to login as root? Instead of letting you set a password for root during install Ubuntu set it to * for no password and disables the actual account login, however even with this being said you can still use root in ubuntu by sudo. So how to set a root password on Ubuntu?

    Read the article

  • scp using a password on the command line

    - by spierepf
    I am trying to write a script that will deploy a build created on my desktop machine (windows/cygwin) to a machine in my test environment (linux). I would like to use scp to copy the build to the target machine. The only account on the target machine is root, and I cannot create a special user for this task. The root user is unable to log in using an ssh key (I suspect that this is configured on the ssh server, but I do not know which configuration options control this). At any rate, I cannot change the configuration of the ssh server. My desktop machine uses Cygwin, and I have ssh installed. What I need is the command-line-fu that will allow me to put the password on the command line. I am aware of the dangers of having a plaintext password in a shell script, but that is not a concern here.

    Read the article

  • Password History Storage and Variability Comparison

    - by z3ke
    I believe this situation would be similar to many others out there, so maybe some of you can shed some light... Supposedly, when making password changes through MS exchange every 90 days, you cannot use any simple variation of one of your old passwords, up to whatever limit the admin's set for a system. My question: If your previous passwords are only stored as hashes, how can they check for the "just changed one letter" case. Wouldn't they have to have access to the old plain-text passwords in order to make those comparisons? The only other thing I can think of is if upon original creation of a password, they also stored all other one character permutations of it, so that they can be banned later?

    Read the article

  • How do I set a Group Policy's Password Policy in C#

    - by user343304
    I am trying to retrieve a group policy from a Windows Server 2008 Active Directory and change the minimum password age, maximum password age, and minimum password length in a C# application. Is there a way to do this? So far I have only found out how to create new Group Policy objects using Interop.GPMGMTLib (gpmgmt.dll), yet I haven't figured out how to change the policy's password rules and I am not sure if there is an easier way.

    Read the article

  • Android 2.2 - and exchange password policy enforcement

    - by Moshe
    Hi, In Android 2.2 site (link text it's written: Improved security with the addition of numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devices But while I'm using N1 with 2.2 and try to connect to my company exchange server it didn't enforce me to set a password, although connecting to the same server from Windows Mobile 6 device enforce this. I know that exchange server is configured to enforce password. Is there anything special the administrator need to do? Thank you, Moshe

    Read the article

  • Excel password removal

    - by nkcooke
    We receive Excel workbook files every day which are password protected with the same password. We know this password. Is there a utility or method to remove password protection on these workbook files without invoking Excel.exe or the Excel object. Our goal is to take Excel out of the process and utilize SpreadsheetGear in VB.net. However, SpreadsheetGear can only unprotect worksheets not workbooks. Thanks

    Read the article

  • Password Validation

    - by Humpton
    Hi there. Using mysql and php Is there any reason / value when checking a password to query the database using the user name and password (after sanitizing, of course) and recording a failed attempt when no rows are returned vs querying the database using the user name and then comparing the return password string? EDIT: To those who mentioned it below, yes the password is hashed up in the database.

    Read the article

  • hash password in mssql (asp.net)

    - by ile
    Is this how hashed password stored in mssql should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } Thanks, Ile

    Read the article

  • How can I use fetchmail (or another email grabber) with OSX keychain for authentication?

    - by bias
    Every fetchmail tutorial I've read says putting your email account password clear-text in a config file is safe. However, I prefer security through layers (since, if my terminal is up and someone suspecting such email foolery slides over and simply types "grep -i pass ~/.*" then, oops, all my base are belong to them!). Now, with msmtp (as opposed to sendmail) I can authenticate using the OSX keychain. Is there an email 'grabber' that lets me use Keychains (or at least, that lets me MD5 the password)?

    Read the article

  • Missing Password check

    - by AAA
    I am using the code below, it checks for empty fields and verifies email, but even if the password is correct it won't login. the password has been inserted with md5 protection, below is the code. I am new to this so please bare with me. Thanks! PHP: session_start(); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $email = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM accounts WHERE email = '$email'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: home.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['email'] | !$_POST['password']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM accounts WHERE email = '".$_POST['email']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['password'] = stripslashes($_POST['password']); $info['password'] = stripslashes($info['password']); $_POST['password'] = md5($_POST['password']); //gives error if the password is wrong if ($_POST['password'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['email'] = stripslashes($_POST['email']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['email'], $hour); setcookie(Key_my_site, $_POST['password'], $hour); //then redirect them to the members area header("Location: home.php"); } } } else { // if they are not logged in <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>email:</td><td> <input type="text" name="email" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> } Here is the registration code: PHP: // here we encrypt the password and add slashes if needed $_POST['password'] = md5($_POST['password']); if (!get_magic_quotes_gpc()) { $_POST['password'] = mysql_escape_string($_POST['password']); $_POST['email'] = mysql_escape_string($_POST['email']); $_POST['full_name'] = mysql_escape_string($_POST['full_name']); $_POST['user_url'] = mysql_escape_string($_POST['user_url']); } // now we insert it into the database $insert = "INSERT INTO accounts (Uniquer, Full_name, Email, Password, User_url) VALUES ('".$uniquer."','".$_POST['full_name']."', '".$_POST['email']."','".$_POST['password']."', '".$_POST['user_url']."')"; $add_member = mysql_query($insert); After using ini_set function i got to see the error, i am getting this message but not sure what it means: Notice: Undefined index: password in /var/www/domain.com/htdocs/login.php on line 103 Notice: Use of undefined constant password - assumed 'password' in /var/www/domain.com/htdocs/login.php on line 11

    Read the article

  • Authlogic and password and password confirmation attributes - inaccessible?

    - by adam
    Im trying to test my successfully creates a new user after login (using authlogic). Ive added a couple of new fields to the user so just want to make sure that the user is saved properly. The problem is despite creating a valid user factory, whenever i try to grab its attributes to post to the create method, password and password confirmation are being ommitted. I presuem this is a security method that authlogic performs in the background. This results in validations failing and the test failing. Im wondering how do i get round this problem? I could just type the attributes out by hand but that doesnt seem very dry. context "on POST to :create" do context "on posting a valid user" do setup do @user = Factory.build(:user) post :create, :user => @user.attributes end should "be valid" do assert @user.valid? end should_redirect_to("users sentences index page") { sentences_path() } should "add user to the db" do assert User.find_by_username(@user.username) end end ##User factory Factory.define :user do |f| f.username {Factory.next(:username) } f.email { Factory.next(:email)} f.password_confirmation "password" f.password "password" f.native_language {|nl| nl.association(:language)} f.second_language {|nl| nl.association(:language)} end

    Read the article

  • Using Base SAS to validate Windows Password

    - by Bazil
    We have a signon script that requires a Windows password in order to access and validate against the SAS metadata server. The problem is that if the windows password is changed, and the script is run a few without being updated, then the user gets locked out and has to call IT support for a password reset. What is the simplest way of using Base SAS to validate a windows password? ie to enable a warning to the user if the password provided is not valid... EDIT: The concern is not whether or not this SHOULD be done, only HOW it could be done!

    Read the article

  • mySQL database password change now crashes Joomla.

    - by casim
    I have a mySQL database behind a Joomla install. I changed the database password because I forgot it but now Joomla crashes looking for the database. I guess joomla has the password written somewhere - if anyone knows I might be able to manual edit it and enter the new database password. Otherwise I'm hoping a manual install of a backup of the original database will work. I need to know does a backup include the database password. If yes, will reinstating my original database solve the problem for me by reverting the system back to it's original password? Please help. thx, s.

    Read the article

  • Can I get all active directory passwords in clear text using reversible encryption?

    - by christian123
    EDIT: Can anybody actually answer the question? Thanks, I don't need no audit trail, I WILL know all the passwords and users can't change them and I will continue to do so. This is not for hacking! We recently migrated away from a old and rusty Linux/Samba domain to an active directory. We had a custom little interface to manage accounts there. It always stored the passwords of all users and all service accounts in cleartext in a secure location (Of course, many of you will certainly not think of this a being secure, but without real exploits nobody could read that) and disabled password changing on the samba domain controller. In addition, no user can ever select his own passwords, we create them using pwgen. We don't change them every 40 days or so, but only every 2 years to reward employees for really learning them and NOT writing them down. We need the passwords to e.g. go into user accounts and modify settings that are too complicated for group policies or to help users. These might certainly be controversial policies, but I want to continue them on AD. Now I save new accounts and their PWGEN-generated (pwgen creates nice sounding random words with nice amounts of vowels, consonants and numbers) manually into the old text-file that the old scripts used to maintain automatically. How can I get this functionality back in AD? I see that there is "reversible encryption" in AD accounts, probably for challenge response authentication systems that need the cleartext password stored on the server. Is there a script that displays all these passwords? That would be great. (Again: I trust my DC not to be compromised.) Or can I have a plugin into AD users&computers that gets a notification of every new password and stores it into a file? On clients that is possible with GINA-dlls, they can get notified about passwords and get the cleartext.

    Read the article

  • How recovery zip password using CUDA (GPU) ?

    - by marc
    Welcome, How can i recovery zip password on linux using CUDA (GPU). From 2 day's i'm trying using "fcrackzip" but it's too slow. Few months back i saw some application that can use GPU / CUDA and get large performance boost in compare to CPU. If brute-force using cuda is not possible, please tell me what's the best application for dictionary attack, and where can i find best (largest) dictionary. Regards

    Read the article

  • Nginx Password Protect Directory Downloads Source Code

    - by Pamela
    I'm trying to password protect a WordPress login page on my Nginx server. When I navigate to http://www.example.com/wp-login.php, this brings up the "Authentication Required" prompt (not the WordPress login page) for a username and password. However, when I input the correct credentials, it downloads the PHP source code (wp-login.php) instead of showing the WordPress login page. Permission for my htpasswd file is set to 644. Here are the directives in question within the server block of my website's configuration file: location ^~ /wp-login.php { auth_basic "Restricted Area"; auth_basic_user_file htpasswd; } Alternately, here are the entire contents of my configuration file (including the above four lines): server { listen *:80; server_name domain.com www.domain.com; root /var/www/domain.com/web; index index.html index.htm index.php index.cgi index.pl index.xhtml; error_log /var/log/ispconfig/httpd/domain.com/error.log; access_log /var/log/ispconfig/httpd/domain.com/access.log combine$ location ~ /\. { deny all; access_log off; log_not_found off; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location /stats/ { index index.html index.php; auth_basic "Members Only"; auth_basic_user_file /var/www/web/stats/.htp$ } location ^~ /awstats-icon { alias /usr/share/awstats/icon; } location ~ \.php$ { try_files /b371b8bbf0b595046a2ef9ac5309a1c0.htm @php; } location @php { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/lib/php5-fpm/web11.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; } location / { try_files $uri $uri/ /index.php?$args; client_max_body_size 64M; } location ^~ /wp-login.php { auth_basic "Restricted Area"; auth_basic_user_file htpasswd; } } If it makes any difference, I'm using Ubuntu 14.04.1 LTS with Nginx 1.4.6 and ISPConfig 3.0.5.4p3.

    Read the article

  • Password best practices

    - by pcampbell
    Given the recent events with a 'hacker' learning and retrying passwords from website administrators, what can we suggest to everyone about best practices when it comes to passwords? use unique passwords between sites (i.e. never re-use a password) words found in the dictionary are to be avoided consider using words or phrases from a non-English language use pass phrases and use the first letter of each word l33tifying doesn't help very much Please suggest more!

    Read the article

  • Active Directory GPO - New Password Rules

    - by Chris Gunner
    In implementing a GPO for Active Directory, a colleague has mentioned that they have implemented one which disallows 'similar' new password to be chosen - i.e. 'password1' cannot be changed to 'password2'. Seeing as AD stores all passwords as hashes, and a hash of the two options above would be markedly different and certainly not related - how can this be possible?

    Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >