Search Results

Search found 13256 results on 531 pages for 'password policy'.

Page 43/531 | < Previous Page | 39 40 41 42 43 44 45 46 47 48 49 50  | Next Page >

  • Is disabling password login for SSH the same as deleting the password for all users?

    - by Arsham Skrenes
    I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config file and changing PermitRootLogin yes to PermitRootLogin without-password. I was wondering if simply deleting the root password via passwd -d root would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?

    Read the article

  • Multiple Passwords on One Account

    - by user110789
    I'd like to join three ideas into one interesting and sometimes useful feature. There was a question about using multiple passwords earlier this year, but it didn't receive much attention. I'd like to ask the question again after showing an interesting and new way to use the feature. The three original posts I found to be interestingly combined were: (1) Multiple passwords per user (2) http://blog.littleimpact.de/index.php/2009/09/14/automatic-encryption-of-home-directories-using-truecrypt-62-and-pam_exec/ (3) http://www.truecrypt.org/docs/hidden-volume Basically I'd like to login to my account with two passwords and depending on the password I use, I would get a different content in my home directory. In a way I would get a cryptographically hidden account into my system. So the question is, is it possible to allow multiple passwords to log on to Ubuntu/Linux for the same user?

    Read the article

  • a safer no password sudo?

    - by Stacia
    Ok, here's my problem - Please don't yell at me for being insecure! :) This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.

    Read the article

  • How to disable password change for openldap user?

    - by Keve
    Considering possible solutions for some improvements I run into this theoretical question and I couldn't find a satisfying answer. Some of you may have first-hand experience with this in practice, so here the question goes: How can I disable password changing for an OpenLDAP user? The account must stay enabled, allowed to log on to workstations and work as usual, but should not be able to change its own password. Can this be done? If so, how difficult is it to implement it? All suggestions are appreciated! For reference: Servers and workstations are to run a mixture of FreeBSD and OpenBSD. Accounts to get password disabled are student or generic workstation accounts. Environment is a school.

    Read the article

  • Active Directoy GPO

    - by Phillip R.
    I am looking into some weird issues with active directory and group policy. This domain has been upgraded from windows NT and has a few different administrators over the years. I am looking through the Default Domain group policy and Default Domain Controller group policy. In the security areas and I will use the log on locally area as an example, it shows SIDes that begin with asterisks and are quite long they look sort of like the following *S-1-5-21-787626... Normally, when I see something like this I would think that the User account was no longer there and this was never cleaned up. Am I wrong in my assumption? Thanks in advance

    Read the article

  • AJAX Password Change without Refresh

    - by Richard
    I'm trying to implement password change functionality into my website. I've got all the password changing script, validation, etc done. But now I need to prevent the page from going to the script page or refreshing. When the user clicks the submit button, I want nothing to change except a message displaying successfully changed or error. So here's my html: <form id="change_Pass" action="" method="post"> Current Password<input type="password" id="change_password" name="change_password"><br> New Password<input type="password" id="new_password" name="new_password"><br> Verify Password<input type="password" id="verify_password" name="verify_password"><br> <input type="submit" value="Submit" id="change_pass_submit"> </form> And my jquery: $('#change_pass_submit').click(function(){ var $this = $(this); $.ajax({ data: $this.serialize(), // get the form data type: "POST", // GET or POST url: "/Private/change_password.php", // the file to call success: function() { // on success.. //$('#success_div).html(response); // update the DIV alert("good"); }, error: function() { // on error.. //$('#error_div).html(e); // update the DIV alert("bad"); } }); return false; //so it doesn't refresh when submitting the page }); And my php: <?php session_start(); require_once '../classes/Bcrypt.php'; ini_set('display_errors', 'On'); error_reporting(E_ALL | E_STRICT); $usr = $_SESSION["username"]; $old_pwd = $_POST["change_password"]; $new_pwd = $_POST["new_password"]; $new_pwd = Bcrypt::hash($new_pwd); try { $link = new PDO('mysql:host=*;dbname=*;charset=UTF-8','*','*'); $query = "SELECT * FROM Conference WHERE Username = :un"; $stmt = $link->prepare($query); $stmt->bindParam(':un', $usr); $stmt->execute(); $row = $stmt->fetchAll(); $hash = $row[0]["Password"]; $is_correct = Bcrypt::check($old_pwd, $hash); if($is_correct) { $query = "UPDATE Conference SET `Password`=:new_pwd WHERE Username = :usr"; $stmt = $link->prepare($query); $stmt->bindParam(':new_pwd', $new_pwd); $stmt->bindParam(':usr', $usr); $stmt->execute(); return true; } else return false; } catch(PDOException $e) { print "Error!: " . $e->getMessage() . "<br/>"; die(); } But for some reason, when I hit the submit button, the page STILL goes to change_password.php. I have no idea why, i've looked at so many tutorials and my code matches theirs but for some reason mine won't stay on the same page. Where did I go wrong?

    Read the article

  • What one-time-password devices are compatible with mod_authn_otp?

    - by netvope
    mod_authn_otp is an Apache web server module for two-factor authentication using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226. The developer's has listed only one compatible device (the Authenex's A-Key 3600) on their website. If a device is fully compliant with the standard, and it allows you to recover the token ID, it should work. However, without testing, it's hard to tell whether a device is fully compliant. Have you ever tried other devices (software or hardware) with mod_authn_otp (or other open source server-side OTP program)? If yes, please share your experience :)

    Read the article

  • Can't get access to PHPmyAdmin after setting a root password and using Instant Rails

    - by Derek
    Wanted to get started with Ruby on Rails so I installed instant rails and set up a mysql password. Problem is now I can't get access to phpmyadmin. From the rails control panel, when I go to configure database (via PhpMyadmin) it opens up phpmyadmin with the message Error MySQL said: Documentation #1045 - Access denied for user 'root'@'localhost' (using password: NO) When I used to use XAMPP after setting a password instead of taking me directly within phpmyadmin (as it did without a password) it took me to the login screen instead. With instant rails that's not the case. Anyone had this problem when they first set a mysql password and using the instant rails package?

    Read the article

  • ssis Connection manager password ("DontSaveSensitive")

    - by swapna
    Hi, I have a SSIS package used the protection level as "DontSaveSensitive" So initially i have saved the oledb connection manager password as in a XML config file.And this worked fine for me. Now for business requiremnt i have stored the configuration in sql server. Including password. Initially it worked fine.But suddenly connection manager is not taking password from sqlDB. If i set an environment variable for the "password" it's working. My question is. 1) what is the solution for this.( i can only save the configurations in sql) 2) initially how it worked.I mean initailly from sql server the password was taking. Please give some clue.I am doing a lot of trial and error. Thanks SNA

    Read the article

  • How to get login password in servlets

    - by Dusk
    I've successfully implemented form based authentication, and now I want to get the username and password to initialize session object in javamail from servlets. How can I do that? I can getlogin username by using method request.getRemoteUser(), but I don't know how to get the password. If I create any session object like: authentication = new PasswordAuthentication(user,password); Properties props = new Properties(); props.put("mail.host", "localhost"); props.put("mail.debug",true); props.put("mail.store.protocol", "pop3"); props.put("mail.transport.protocol", "smtp"); Session session = Session.getInstance(props, this); then how can I get inbox messages from mail server based upon particular username and password, if I don't pass any password from servlets to PasswordAuthentication object?

    Read the article

  • Password authentication in sqlite3 for iphone

    - by user271753
    Hey Guys .. I am new to programming in Objective C . I checked many tutorials on reading data in sqlite3 , but almost all of them have show the data in UITableView . I have a page where the user types in the password, the password lets say 1234 is saved in the database ( I have created a table already ) . I have got the database into the project folder . I just want a statement like if(databasepassword == correct from the uitextfield ) { show next page } else { password is incorrect.text } I will figure out on how to show the next page and display the password is incorrect.text I just want a method to cross check with the password saved in the database . How can I do that ? Regards

    Read the article

  • How can I check the mysql connection for a user/password using batch/shell script

    - by machaa
    Hi, How can I check the mysql connection for a user/password using batch/shell script? I've user name and password, and I need to authenticate whether they are correct or not, but how? I tried this way: I've created a batch file "run.bat" with "mysql -u User--password=UserPassword < commands.sql" "commands.sql" file contains "\q" When I run the file "run.bat" the output is nothing when User/Password are correct and "ERROR 1045 (28000): Access denied for user ... " when User/Password are incorrect. Now can we capture this output, and decide whether the connection is successful or not, if yes how? Regards

    Read the article

  • Dollar ($) sign in password string treated as variable

    - by ncatnow
    Spent some time troubleshooting a problem whereby a PHP/MySQL web application was having problems connecting to the database. The database could be accessed from the shell and phpMyAdmin with the exact same credentials and it didn't make sense. Turns out the password had a $ sign in it: $_DB["password"] = "mypas$word"; The password being sent was "mypas" which is obviously wrong. What's the best way to handle this problem? I escaped the $ with a \ $_DB["password"] = "mypas\$word"; and it worked. I generally use $string = 'test' for strings which is probably how I avoided running into this before. Is this correct behavious? What if this password was stored in a database and PHP pulled it out - would this same problem occur? What am I missing here...

    Read the article

  • [Sql-Server]what data type to use for password salt and hash values and what length?

    - by Pandiya Chendur
    I am generating salt and hash values from my passwords by using, string salt = CreateSalt(TxtPassword.Text.Length); string hash = CreatePasswordHash(TxtPassword.Text, salt); private static string CreateSalt(int size) { //Generate a cryptographic random number. RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] buff = new byte[size]; rng.GetBytes(buff); // Return a Base64 string representation of the random number. return Convert.ToBase64String(buff); } private static string CreatePasswordHash(string pwd, string salt) { string saltAndPwd = String.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile( saltAndPwd, "sha1"); return hashedPwd; } What datatype you would suggest for storing these values in sql server? Any suggestion... Salt:9GsPWpFD Hash:E778AF0DC5F2953A00B35B35D80F6262CDBB8567

    Read the article

  • Password checking in dojo

    - by Richard
    I want to check that two passwords are the same using Dojo. Here is the HTML I have: <form id="form" action="." dojoType="dijit.form.Form" / <pPassword: <input type="password" name="password1" id="password1" dojoType="dijit.form.ValidationTextBox" required="true" invalidMessage="Please type a password" /</p <pConfirm: <input type="password" name="password2" id="password2" dojoType="dijit.form.ValidationTextBox" required="true" invalidMessage="This password doesn't match your first password" /</p <div dojoType="dijit.form.Button" onClick="onSave"Save</div </form Here is the JavaScript I have so far: var onSave = function() { if(dijit.byId('form').validate()) { alert('Good form'); } else { alert('Bad form'); } } Thanks for your help. I could do this in pure JavaScript, but I'm trying to find the Dojo way of doing it.

    Read the article

  • Apache basic auth, mod_authn_dbd and password salt

    - by Cristian Vrabie
    Using Apache mod_auth_basic and mod_authn_dbd you can authenticate a user by looking up that user's password in the database. I see that working if the password is held in clear, but what if we use a random string as a salt (also stored in the database) then store the hash of the concatenation? mod_authn_dbd requires you to specify a query to select that password not to decide if the user is authenticated of not. So you cannot use that query to concatenate the user provided password with the salt then compare with the stored hash. AuthDBDUserRealmQuery "SELECT password FROM authn WHERE user = %s AND realm = %s" Is there a way to make this work?

    Read the article

  • Android: i need password example

    - by user1475122
    I have long been looking for a functioning example of a password, but I have not found. can someone help me? Explained more clearly: I have a TextField named password and I want that when it is written in 123 and press the button it goes to another activity if it is written in 123 if not it would inform the "wrong password!" and that the password is found file, which is / sdcard / Android / password.txt if you understood :) SORRY FOR MY BAD ENGLISH! I'm Finnish, and a young coder :) ( I hope someone may be understood :D )

    Read the article

  • Password remember does not work as needed

    - by sweetsecret
    On the website I am working on it has been deployed but the problem I am facing is that when I enter a username and password and click on the check box to remember...It remembers the password for sometime.. wen I login in after 5 or 10 minutes it remembers the password but aftr a long period of time like about 2hours it forgets the username and password and i have to type it in all over again... this dint used to happen with the old server as even I could sign in and it remembered the password the next day until i log off... what can be the reason The session state im using is:

    Read the article

  • Password remember does not work properly

    - by sweetsecret
    On the website I am working on it has been deployed but the problem I am facing is that when I enter a username and password and click on the check box to remember...It remembers the password for sometime.. wen I login in after 5 or 10 minutes it remembers the password but aftr a long period of time like about 2hours it forgets the username and password and i have to type it in all over again... this dint used to happen with the old server as even I could sign in and it remembered the password the next day until i log off... what can be the reason The session state im using is:

    Read the article

  • iPhone doesn't save password for Cisco IPsec VPN using racoon daemon

    - by dsx
    On my Debian server I had set up racoon daemon (1:0.8.0-14) for Cisco IPSec VPN using certificates for authentication. My racoon.conf is like following: log info; path certificate "/etc/racoon/certs"; listen { isakmp $SERVER_IP_HERE [500]; isakmp_natt $SERVER_IP_HERE [4500]; } timer { natt_keepalive 10 sec; } remote anonymous { lifetime time 24 hours; proposal_check obey; passive on; exchange_mode aggressive,main; my_identifier asn1dn; peers_identifier asn1dn; verify_identifier on; certificate_type x509 "cert_name.crt" "key_name.key"; ca_type x509 "ca.crt"; mode_cfg on; verify_cert on; ike_frag on; generate_policy on; nat_traversal on; dpd_delay 20; proposal { encryption_algorithm aes; hash_algorithm sha1; authentication_method xauth_rsa_server; dh_group modp1024; } } mode_cfg { conf_source local; auth_source system; auth_throttle 3; save_passwd on; dns4 8.8.8.8; network4 $SOME_LAN_SUBNET; netmask4 255.255.255.0; pool_size 128; } sainfo anonymous { pfs_group 2; lifetime time 24 hour; encryption_algorithm aes; authentication_algorithm hmac_sha1; compression_algorithm deflate; } I'm not using PSK authentication here. Using iPhone configuration utility I had uploaded all required certificates to iPhone and set up VPN on demand. Everything works just fine except one thing: iPhone refuses to save VPN password regardless of save_passwd on; in racoon configuration file. As opposed to iPhone behaviour, Mac OS X 10.8.2 have no problems saving password. I had examined iPhone log file and found following: racoon[151] <Notice>: >>>>> phase change status = phase 1 established configd[50] <Notice>: IPSec Network Configuration started. configd[50] <Notice>: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = $SUBNET_IP_HERE. configd[50] <Notice>: IPSec Network Configuration: INTERNAL-IP4-MASK = 255.255.255.0. configd[50] <Notice>: IPSec Network Configuration: SAVE-PASSWORD = 0. configd[50] <Notice>: IPSec Network Configuration: INTERNAL-IP4-DNS = 8.8.8.8. configd[50] <Notice>: IPSec Network Configuration: BANNER = . configd[50] <Notice>: IPSec Network Configuration: DEF-DOMAIN = . configd[50] <Notice>: IPSec Network Configuration: DEFAULT-ROUTE = local-address $SUBNET_IP_HERE/32. configd[50] <Notice>: IPSec Phase2 starting. configd[50] <Notice>: IPSec Network Configuration established. configd[50] <Notice>: IPSec Phase1 established. Please note IPSec Network Configuration message containing SAVE-PASSWORD = 0.. Is it a bug in racoon daemon on server, or iPhone (iOS version is 6.0.1 (10A523)) or it is me missing something? How to make iPhone remember IPSec VPN password?

    Read the article

  • Sync KeePassX with KeePass2

    - by bioShark
    Simply put: In Ubuntu I am using KeePassX and in Windows KeePass2. In am not able to export/import passwords from one to another. I would prefer to use the same database, but I don't really know how. If there is no possibility to sync the 2, can you recommend another password vault, which is able to sync passwords from 2 OS, using a shared DB. Thanks I am using Ubuntu 12.04 and Win 7. Edit: I have noticed that KeePass2 is available in the Software Center, so I have installed it, and I can successfully open my Win7 database. Now I will migrate my KeePassX passwords. I am seeing now a huge difference in the looks. While KeePassX doesn't exactly have Ubuntu like look&feel, it's 100 times more elegant than the interface KeePass2 comes with. Well, maybe that was my initial decision for installing KeePassX on my Ubuntu machine. I can't remember. @fossfreedom, please add your comment as a response, so that I can accept it. Thank for the suggestion

    Read the article

  • Secure Password Storage and Transfer

    - by Andras Zoltan
    I'm developing a new user store for my organisation and am now tackling password storage. The concepts of salting, HMAC etc are all fine with me - and want to store the users' passwords either salted and hashed, HMAC hashed, or HMAC salted and hashed - not sure what the best way will be - but in theory it won't matter as it will be able to change over time if required. I want to have an XML & JSON service that can act as a Security Token Service for client-side apps. I've already developed one for another system, which requires that the client double-encrypts a clear-text password using SHA1 first and then HMACSHA1 using a 128 unique key (or nonce) supplied by the server for that session only. I'd like to repeat this technique for the new system - upgrading the algo to SHA256 (chosen since implementations are readily available for all aforementioned platforms - and it's much stronger than SHA1) - but there is a problem. If I'm storing the password as a salted hash in the user-store, the client will need to be sent that salt in order to construct the correct hash before being HMACd with the unique session key. This would completely go against the point of using a salt in the first place. Equally, if I don't use salt for password storage, but instead use HMAC, it's still the same problem. At the moment, the only solution I can see is to use naked SHA256 hashing for the password in the user store, so that I can then use this as a starting point on both the server and the client for a more secure salted/hmacd password transfer for the web service. This still leaves the user store vulnerable to a dictionary attack were it ever to be accessed; and however unlikely that might be - assuming it will never happen simply doesn't sit well with me. Greatly appreciate any input.

    Read the article

  • WCF REST with jQuery AJAX - removing/working around same origin policy

    - by csauve
    So I'm trying to create a C# WCF REST service that is called by jQuery. I've discovered that jQuery requires that AJAX calls are made under the same origin policy. I have a few questions for how I might proceed. I am already aware of; 1. The hacky solution of JSONP with a server callback 2. The way too much server overhead of having a cross-domain proxy. 3. Using Flash in the browser to make the call and setting up crossdomain.xml at my WCF server root. I'd rather not use these because; 1. I don't want to use JSON, or at least I don't want to be restricted to using it 2. I would like to separate the server that serves static pages from the one that serves application state. 3. Flash in this day in age is out of the question. What I'm thinking: is there anything like Flash's crossdomain.xml file that works for jQuery? Is this "same-origin" policy a part of jQuery or is it a restriction in specific browsers? If it's just a part of jQuery, maybe I'll try digging in the code to work around it.

    Read the article

  • Connecting to a self hosted WCF service from a Flex application - policy issues

    - by James S
    Hello, I am trying to accomplish the following: I wrote a Flex application that is trying to connect to a WCF service hosted on the clients computer. I also wrote a windows forms application for the client to run. This application exposes a self-hosted WCF service that the Flex application is supposed to connect to. This works fine if I'm loading the Flex application from my local IIS. The problem starts when the Flex application is hosted on a different domain. When this occurs, the flash player requires a crossdomain.xml policy file on the clients computer. I also managed to expose the crossdomain.xml on the clients computer using another WCF self-hosted service and WebHttpBinding on the clients computer. This also works fine. My problem is that the flash player requires that the crossdomain.xml or a meta policy file will be in the root directory of the domain. If I used my WCF service to expose something on the root directory of the clients computer I will run over any existing web server capabilities the client has on the computer (such as IIS). I know it's a bit complicated scenario, but any help would be appreciated. Thanks!

    Read the article

< Previous Page | 39 40 41 42 43 44 45 46 47 48 49 50  | Next Page >