Search Results

Search found 11075 results on 443 pages for 'password retrieval'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 35/443 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

  • .htaccess authorization requiring username/password for every resource

    - by webworm
    I am using Apache2 on Ubuntu and I have having some "weird" user authorization issues. I am using .htaccess to control access to my directories. I have many users and have grouped them into user groups which are defined in a "group" file. I then use .htaccess within each directory to define which users have access to the directory and which do not. Here is an example .htaccess file. AuthUserFile /var/local/.htpasswd AuthGroupFile /var/local/groups AuthName "Username and Password Required" AuthType Basic require group design admin Everything is working with one exception. I added a new user to one of my groups and though they can gain access to the directory they are prompted for a username and password for every resource (i.e. image, CSS). After a while I can just keep selecting "cancel" and I will get a page with just html with no images or CSS. I would think the browser would just cache the username/password. It seems to be working well for other users. Any thoughts?

    Read the article

  • Password Protect XML-RPC

    - by Terence Eden
    I have a service running on a server which I want to access via XML-RPC. I've installed all the necessary bits. Within /etc/apache2/httpd.conf I have the single line SCGIMount /RPC2 127.0.0.1:5000 I can run xmlrpc commands from my server - and any server which connects to /RPC2. What I want to do is password protect the directory to stop unauthorised usage. Within /etc/apache2/httpd.conf I've added <Location /RPC2> AuthName "Private" AuthType Basic AuthBasicProvider file AuthUserFile /home/me/myhtpasswd Require user me </Location> Trying to access /RPC2 brings up the "Authorization Required" box and it accepts my username and password. However, xmlrpc now doesn't work! If I run xmlrpc localhost some_command on my server, I get the error Failed. Call failed. HTTP response code is 401, not 200. (XML-RPC fault code -504) Is there any way I can password protect my /RPC2 directory and have xmlrpc commands work?

    Read the article

  • Scripting an 'empty' password in /etc/shadow

    - by paddy
    I've written a script to add CVS and SVN users on a Linux server (Slackware 14.0). This script creates the user if necessary, and either copies the user's SSH key from an existing shell account or generates a new SSH key. Just to be clear, the accounts are specifically for SVN or CVS. So the entry in /home/${username}/.ssh/authorized_keys begins with (using CVS as an example): command="/usr/bin/cvs server",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa ....etc...etc...etc... Actual shell access will never be allowed for these users - they are purely there to provide access to our source repositories via SSH. My problem is that when I add a new user, they get an empty password in /etc/shadow by default. It looks like: paddycvs:!:15679:0:99999:7::: If I leave the shadow file as is (with the !), SSH authentication fails. To enable SSH, I must first run passwd for the new user and enter something. I have two issues with doing that. First, it requires user input which I can't allow in this script. Second, it potentially allows the user to login at the physical terminal (if they have physical access, which they might, and know the secret password -- okay, so that's unlikely). The way I normally prevent users from logging in is to set their shell to /bin/false, but if I do that then SSH doesn't work either! Does anyone have a suggestion for scripting this? Should I simply use sed or something and replace the relevant line in the shadow file with a preset encrypted secret password string? Or is there a better way? Cheers =)

    Read the article

  • Password-less login into localhost

    - by Brad
    I am trying to setup password-less login into my localhost because it's required for a tutorial. I went through the normal steps of generating an rsa key and appending the public key to authorized_keys but I am still prompted for a password. I've also enabled RSAAuthentication and PubKeyAuthentication in /etc/ssh_config. Following other suggestions I've seen, I tried: chmod go-w ~/ chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys But the problem persists. Here is the output from ssh -v localhost: (tutorial)bnels21-2:tutorial bnels21$ ssh -v localhost OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011 debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: Connecting to localhost [::1] port 22. debug1: Connection established. debug1: identity file /Users/bnels21/.ssh/id_rsa type 1 debug1: identity file /Users/bnels21/.ssh/id_rsa-cert type -1 debug1: identity file /Users/bnels21/.ssh/id_dsa type -1 debug1: identity file /Users/bnels21/.ssh/id_dsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9 debug1: match: OpenSSH_5.9 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 1c:31:0e:56:93:45:dc:f0:77:6c:bd:90:27:3b:c6:43 debug1: Host 'localhost' is known and matches the RSA host key. debug1: Found key in /Users/bnels21/.ssh/known_hosts:11 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/bnels21/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering RSA public key: id_rsa3 debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /Users/bnels21/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive Password: Any suggestions? I'm running OSX 10.8.

    Read the article

  • rdp allow client reconnect without password prompt after several hours

    - by Tom
    Let me describe the setup first: client PC with several rdp sessions to local servers, all opened from saved rdp sessions with stored passwords, using the standard windows rdp client. several windows servers on the LAN, with varying server OS: windows server 2003, 2008, and even 2012 now. When I log onto my PC I open up rdp sessions to all those servers, and keep them open all the time for various reasons. Overnight the client PC is put into sleep or hibernate mode, thereby braking the rdp connections. On the next day when I wake the client PC and login again, the rdp sessions automatically try to reconnect to the servers, and this leads to the question: starting with server 2008 something apparently changed in the rdp server config, as all servers with 2008, 2008r2 and 2012 will prompt for the password in the rdp session, whereas the 2003 server rdp connections will re-establish without the password prompt. Apparently there is a timeout setting on 2008+ that, when exceeded, requires a reauthentication. Is there any way to setup the 2008+ servers to behave like 2003 did? I'd like the rdp sessions to reconnect without a password prompt even after a several hour disconnect.

    Read the article

  • Scripting around the lack of user:password@domain url functionality in jscript/IE

    - by Idiomatic
    I currently have a jscript that runs a php script on a server for me, dead simple. But... I want to be atleast somewhat secure so I setup a login. Now if I use the regular user:password@domain system it won't work (IE decided it was a security issue). And if I let IE just remember the password then it pops up a security message confirming my login every time (which kills the point of the button). So I need a way to make the security message go away. I could lower security settings, which tbh I am fine with but nothing seems to make it fuck off (there might be some registry setting to change). Find a fix for jscript that will let me use a password in the url. There used to be a regedit that worked for older systems which allowed IE to use url passwords (not working on my 64bit windows7 setup) though I doubt that'd have helped jscript anyways (since it outright crashes). Use an app other than IE. Inwhich case I'm not sure how to go about it, I want it to be responsive and invisible so IE was a good choice. It is near instant. Use XMLHttpRequest instead of IE directly? May even be faster but I've no idea if it'd help or just have the same error. Use a completely different approach. Maybe some app that can script website browsing. var args = {}; var objIEA = new ActiveXObject("InternetExplorer.Application"); if( WScript.Arguments.Item(0) == "pause" ){ objIEA.navigate("http://domain/index.html?pause"); } if( WScript.Arguments.Item(0) == "next" ){ objIEA.navigate("http://domain/index.html?next"); } objIEA.visible = false; while(objIEA.readyState != 4) {} objIEA.quit();

    Read the article

  • Users Password does not reset after successful login at the console but works fine with SSH

    - by jnbbender
    The title says it all. I have my unsuccessful login attempts set to three. I purposefully fail logging in 2x, then when I SSH into the box successfully the 3rd time my count drops back to zero; exactly what should happen. But at the console I get failed login attempts EVEN for my successful login attempts. I am using RHEL 5.6 and no I am not able to upgrade. Here is my system-auth file: auth required pam_env.so auth required pam_tally.so onerr=fail deny=3 per_user auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account required pam_tally.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.co revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so I have tried adding reset after and in place of per_user in the auth required pam_tally.so field. Nothing seems to work and I don't know why SSH is working just fine. Any ideas?

    Read the article

  • sfDoctrineGuard question

    - by nebur85
    Hy, I'm trying to do a "i forgot my password" functionallity. My problem is that if i try to do a Doctrine query and send password to email it retrieves password encripted. I look at some webs that DoctrineGuard don't have this functionallity and only have register and login functionallity. Is it true? In this case, how i can do a remember password function? thanks

    Read the article

  • Suggestions for library to hash passwords in JAVA

    - by DutrowLLC
    What JAVA library should I be using to Hash passwords for storage in a database? I was hoping to just take the plain text password, add a random salt, then store the salt and the hashed password in the database. Then when a user wanted to log in, I could just take their submitted password, add the random salt from their account information, hash it and see if it equates to the stored hash password with their account information.

    Read the article

  • Upgrading PHP, MySQL old-passwords issue

    - by Rushyo
    I've inherited a Windows 2k3 server running an XAMPP-installation from the stone age. I needed to upgrade PHP to facilitate an upgrade to MediaWiki to facilitate a new MediaWiki extension (to facilitate some documentation to facilitate doing my job to facilitate getting paid to facilit... you get the idea). However... installing a new version of PHP resulted in PHP's MySQL libraries refusing to communicate using MySQL's 'old style' 152-bit passwords. Not a problem in theory. The MySQL installation is post-4.1, so it should have the functionality to upgrade the user's passwords from 152-bit to 328-bit (what a weird hashing algorithm...). I ran the following: SET PASSWORD = PASSWORD('foo'); on MySQL but querying: SELECT user, password FROM mysql.user; returned just the same password I started out with - 152-bit. Now... I suspect you're thinking 'AHA! old-passwords is on!'. Unfortunately it's not - I've disabled it in the configuration (explicitly set it to 0), made doubly sure I have an absolute reference to that configuration file and ensured the service isn't using the --old-passwords flag. The service was reset after each and every operation. So I went onto another system and generated the 328-bit hash on there, copying the hash over to the first MySQL instance. Unfortunately, that didn't work either (I did remember to FLUSH PRIVILEGES). The application error is: "'mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool [...snip...] Is there anything else I can try to get PHP to recognise MySQL as not using the 'old insecure authentication'? MySQL seems to be stuck in 'old-passwords' mode and I can't get it out of it.

    Read the article

  • Trust my work domain on a Dev Domain without a domain level password

    - by Vaccano
    I setup a virtual machine to host a dev version of TFS (to test plugins on). Getting a computer on my work domain requires large amounts of red tape and paperwork that I would rather not do. I created my own domain the the VM and I would like to trust all users from my work domain on that VM Domain. But when I tried to setup the trust I needed a password from my work domain (which I don't have). Am I trying to do something nefarious? I just want to be able to authenticate to my Test TFS (VM) Server as me (my login on my work domain). Is there a way to do that with out having to have a domain level password for my work domain? (My VM is a Windows Server 2008 R2 server)

    Read the article

  • Implement password recovery best practice

    - by Enrique
    Hello I want to to implement password recovery in my web application. I'd like to avoid using secret questions. I could just send the password by e-mail but I think it would be risky. Maybe I could generate a new temporary random password and send it by e-mail but I think it is as risky as the above point. Can I send a url by e-mail for example http://mysite.com/token=xxxx where xxxx is a random token associated with the user. So when the user navigates to that url he/she can reset the password. Any ideas?

    Read the article

  • Can I convert an ASCII MD5 hashed password into a Unicode MD5 hashed password?

    - by Jimmy Moo Moo
    Hello, I'm looking for help to convert an ASCII MD5 hashed password into a Unicode MD5 hashed password? For example, I'll use the string "password" . When it's converted to an ascii byte array, I get a base64 encoded hash of X03MO1qnZdYdgyfeuILPmQ== When it's converted into a unicode byte array, I get a base64 encoded hash of sIHb6F4ew//D1OfQInQAzQ== All my passwords are stored in an md5 hash that was applied to an ascii byte array, but I'm trying to migrate my application's user data to a system that stores password in an md5 hash that is applied a unicode byte array. In case it's not clear, with the following C#code: var passwordBytes = Encoding.ASCII.GetBytes("password"); var hashAlgorithm = HashAlgorithm.Create("MD5"); var hashBytes = hashAlgorithm.ComputeHash(passwordBytes); My current system uses this, but the system I'm moving to has a diff first time. It usese Encoding.Unicode.GetBytes. Does anybody know how I can convert my passwords? From X03MO1qnZdYdgyfeuILPmQ== into sIHb6F4ew//D1OfQInQAzQ== I'm guessing the answer is that I can't.. the encoding is being done before the hashing, but I thought I'd inquire the bright minds of stackoverflow and see if anybody has a way.

    Read the article

  • Chrome: Saved username/password filled in incognito mode

    - by Wouter Coekaerts
    If I open an incognito window in Google Chrome and go to a webpage where Chrome has a saved username and password from (for example the login form on http://gmail.com), I see that my username and password are automatically filled in. Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in? Or is there some mechanism behind the scenes that prevents the webpage from grabbing auto-filled values unless I actually log in? Clarification: Stored usernames (and passwords) are a lot like cookies: your unique identifier linked to a certain site, stored locally in your browser, available to the site when you open it. When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).

    Read the article

  • Set a login with username/password for SQL Server 2008 Express

    - by Ewald Stieger
    I would like to set a password and username for connecting to a server with SQL Management Studio 2008. I set up SQL Server 2008 Express on a customer's computer to host a DB used by an Access 2007 app. The customer should not be able to access the DB or connect with SQL Management Studio. How do I set up a login and remove any logins that allow a user to connect via Windows Authentication and without entering a username and password? I have not much experience with logins and controlling access.

    Read the article

  • fabric and svn password

    - by hyperboreean
    Assuming that I cannot run something like this with Fabric: run("svn update --password 'password' .") how's the proper way to pass to Fabric the password for the remote interactive command line? I am not sure, but the svn server we're using might have some restrictions to not allow --non-interactive passwords and I couldn't find a way to automatically update a remote repo.

    Read the article

  • What is an efficient way to write password cracking algorithm (python)

    - by Luminance
    This problem might be relatively simple, but I'm given two text files. One text file contains all encrypted passwords encrypted via crypt.crypt in python. The other list contains over 400k+ normal dictionary words. The assignment is that given 3 different functions which transform strings from their normal case to all different permutations of capitalizations, transforms a letter to a number (if it looks alike, e.g. G - 6, B - 8), and reverses a string. The thing is that given the 10 - 20 encrypted passwords in the password file, what is the most efficient way to get the fastest running solution in python to run those functions on dictionary word in the words file? It is given that all those words, when transformed in whatever way, will encrypt to a password in the password file. Here is the function which checks if a given string, when encrypted, is the same as the encrypted password passed in: def check_pass(plaintext,encrypted): crypted_pass = crypt.crypt(plaintext,encrypted) if crypted_pass == encrypted: return True else: return False Thanks in advance.

    Read the article

  • How can I remove UNC password from a file

    - by freddoo
    Hi we have an mp4 file on our web server in a virtual directory When we try to access the file we get prompted for a username/password. When I tried to change the path of the virtual directory I got the message 'The following child nodes also define the value of the "UNCPassword" property, which overrides the value you have just set ...' which included the mp4 file that we try to access. How can I remove the UNC Password securing the file? The file is not on a shared drive its on the same drive as the web site root. The funny thing is the path of the virtual directory is not a UNC path it's a full path on the same server d:.....

    Read the article

  • how do you set the admin password on openldap 2.4

    - by dingfelder
    I am getting started with openLdap 2.4 and am having a bit of trouble, all the examples I see seem to refer to previous versions which used the text config file slapd.conf but from what I see on discussions about v2.4, this has been deprecated. I thought prehaps I needed to add a user, and log in as them but when I try and run an ldapadd command, I get a prompt to enter a password: Enter LDAP Password: ldap_bind: Invalid credentials (49) Notes: I installed openldap server via yum (in fedora 15), and have installed phpldapadminbut also can try things on the command line if anyone has suggestions. After installing and starting I get the following response from a search: # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts # extended LDIF # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: namingContexts dn: namingContexts: dc=my-domain,dc=com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 I am glad to remove and reinstall the server if that helps, can anyone provide a link to tips that works for version 2.4 for a new setup?

    Read the article

  • How can I use scp without providing a password

    - by Tim
    I have asked a question before in here. My question was that I tried to give my password to scp via piping echo mypassword | scp [email protected]:project/* ~/project/ However it still asks me to manually input the password. How should I specify mypassword to scp in commands? I still don't understand one of the replies. what is a input stream by TTY, for example? What are the common ways for a input stream? How to know what type of input stream a stdin input to a command is? For example that of ssh/scp.

    Read the article

  • fills password and enters program automatically

    - by mark
    I am running Windows 7. In Internet Explorer 9, when I visit a webpage and enter a password it is automatically remembered. When I leave the site and return again at another time, the password is filled in automatically. I would like to stop this behavior. I do not not think that it is an auto fill problem. I think it may be related to an addon provided by my OEM and published by Authentic called "Truesuite Website Log On". How can I confirm that Truesuite is the culprit? How can I stop passwords from being filled in automatically.

    Read the article

  • htaccess password protection error

    - by nute
    I have an HTACCESS as follows: AuthUserFile /home/nasht00/.htmydomain AuthName "EnterPassword" AuthType Basic Require valid-user When I try it, the password pop-up appears. Whatever I enter in it, I get a 500 Internal Server Error. My password file is under /home/nasht00/.htmydomain . Its owner is nasht00:www-data (nasht00 is my user, www-data is the group that apache2 belongs to). File permissions on that file is 775. What am I missing? If I try without the htaccess it works fine of course. I have Ubuntu 9.10 with apache2.

    Read the article

  • Password protect web directory with htpasswd on Cherokee

    - by wdkrnls
    I have a directory on my Cherokee webserver that I am trying to password protect so that when I try to enter it from a web browser, I get a pop up demanding username and password. Needless to say I am getting stuck. I have created the .htaccess file with: AuthUserFile /srv/http/protected AuthGroupFile /dev/null AuthName "Protected Stuff" AuthType Basic Require valid-user And I used the apache-tools' htpasswd command: htpasswd -c .htpasswd wdkrnls I configured Cherokee with a behavior rule on the /protected directory which requires htpasswd authentication and restarted. I get Error 405 Method Not Allowed whenever I navigate there in a directory. What more do I need to do? Thanks for your help.

    Read the article

  • C command line password

    - by Jack Jacobsen
    So I'm trying to create a C program where you must input the password on the command line, like ./login password1 And if the password is password1, it'll say something. If not, it prints another message. This is the code I have now: #include <stdio.h> #include <stdlib.h> int main(int argc, char *argv[]) { if (argc < 2) { printf("usage: %s <password>\n", argv[0]); } char pass = "password"; if (argc == pass) { printf("Right\n"); } else { printf("Wrong\n"); } } But it wont work.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >