Search Results

Search found 10747 results on 430 pages for 'password'.

Page 49/430 | < Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >

  • hardening a server: disallow password-login for sudoers and log unusual ips

    - by Fabian Zeindl
    Two question regarding sudo-login into an ubuntu-system (debian tips welcome as well): Is it possible to require sudoers on my box to only login with publickey-authentication? Is it possible to log which ip sudoers log in from and check that for "unusual activity" or take actions? I'm thinking about temporarily removing sudo-rights if sudoers don't log in from whitelisted IPs. Or is that too risky to be exploited?

    Read the article

  • Local admin password recovery: Windows Vista

    - by Jim Dennis
    I am faced with an unsettling situation. A friend of my father's has rather suddenly become a widower. Naturally they've taken care of the bank accounts and all the normal mundane things that people have been doing for a century or so. However, she was the computer user of the household. He was aware that they had some online banking stuff and bill paying stuff ... and that she spent lots of time on FaceBook and stuff like that. However, he doesn't know what her local passwords were (actually only vaguely aware that her couple of desktop and couple of laptop system even had passwords). He's never heard of "admin" passwords so that's no good either. In the past I've used KNOPPIX and the old LinuxCare "bootable business card" to recover NT passwords. I've never done this with MS Windows Vista. So, I'm looking for the best advice on how to do this. Naturally I do have physical access to the systems (the two laptops are charging across the room from me; and her old desktop systems are, naturally, still back at his place). Getting it right is much more important than fast or easy (I don't want to mess up those filesystems and possibly lose some photos or other stuff that he or his kids or grandkids will want). (BTW: if anyone things this is some social engineering hack to play upon the sympathies of the community to get the information I'm asking for ... think about it for a minute. I know about IRC and the "warez" boards. I know I can find this stuff out there if I dig enough. I'm just asking here because it'll hopefully be faster and, secondarily to raise awareness. As more of us put more of our lives online ... as we get older and as places like FaceBook continue to widen the appeal of computing to a broader segment of older people ... we are, as computer nerds, going to see a lot more of this. Survivors will needs us to be careful, sensitive and ethically responsible as they try to recover those bits of legacy during their bereavement. I can now tell you, first hand, it sucks!)

    Read the article

  • Autofill password in Google Chrome

    - by raoulsson
    Hi, I have to do a lot of loggin in on webpages and I like that firefox autofills in my passwords, once it knows them... How can I achieve the same for google chrome? I have read this post, installed the autofill=true extension but that does not do the job... Thanks!

    Read the article

  • Streamline Active Directory account creation via automated web site

    - by SteveM82
    In my company we have high employee turnover, and hence our helpdesk receives about a dozen requests per week for new Active Directory accounts. Currently, we receive these requests simply via e-mail or voice-mail, and rarely do we have all of the information necessary to create the account. I would like to find a web application that can be used by a manager or supervisor to formalize the requests they make for AD accounts for new employees under their command. Ideally, the application would prompt for all of necessary information, and allow the helpdesk to review the requests and approve or deny each one. If approved, the application would take care of creating the account and send an e-mail to the manager. I have found several application on the Internet that handle self-service account management (i.e., password resets or update contact info), which is also nice to have, but nothing that streamlines the new account request and creation part. Can anyone make suggestions on such an application? Thanks.

    Read the article

  • prevent use of 'net user' command to change passwords on windows vista / xp

    - by guest
    hello the point is, if i'm logged in (and as almost every windows user, i've got an admin-account), and someone comes across my not locked pc, it is possible to change my password the pro-way through using: net user Admin %NEW_PASSWD% what can i do to prevent that, besides not being logged in as admin. i once saw a way, where the 'net user' command was substituted by a .bat file. so if you call 'net user Admin ...', it runs this .bat-file instead, which locks the notebook immediately. problem is, i honestly don't know how i could let windows substitute eg net.exe with a .bat-file. (too little windows knowledge) do you know any way how to do it? i'd appreciate it.

    Read the article

  • MySQL based authentication with crypt()ed password fails in Apache 2.2

    - by Fester Bestertester
    I'm trying to set up a simple CalDAV/CardDAV server with a Radicale backend and an Apache 2.2 frontend. So far, it's all nice and simple, but I can't get the MySQL based authentication to work. I'd like to authenticate users against an existing MySQL database, and I need the REMOTE_USER variable to be set (pretty much like in the configuration examples for Radicale). I've tried mod_auth_mysql, which authenticated the users nicely, but failed to set the REMOTE_USER variable. The newer alternative seems to be mod_authn_dbd, which doesn't seem to like the crypted passwords in the MySQL database. According to the documentation, crypted passwords should work, so maybe I'm just missing a simple parameter. The configuration looks like this: DBDriver mysql DBDParams "sock=/var/run/mysqld/mysqld.sock dbname=myAuthDB user=myAuthUser pass=myAuthPW <Directory /> AllowOverride None Order allow,deny allow from all AuthName 'CalDav' AuthType Basic AuthBasicProvider dbd require valid-user AuthDBDUserPWQuery "SELECT crypt FROM myAuthTable WHERE id=%s" </Directory> I've tested the query, it works fine. And as mentioned before, mod_auth_mysql worked nicely against the same database, but didn't set the required variables. Am I just missing some configuration parameter? Or is mod_authn_dbd just not the right tool to achieve what I want?

    Read the article

  • PuTTY automatically supply password

    - by Kyle Cronin
    I have a situation where I need to have PuTTY (or another SSH client for Windows) automatically log into another machine via SSH. I realize that this isn't a good idea security-wise, but unfortunately I'm constrained by the limitations both on the client and the server. The best solution would be to have a shortcut or script on the desktop that, when double clicked, will connect to the server and automatically log in. Can I do this with PuTTY? I am willing to explore public key authentication, but I'm not sure where the PuTTY key resides or how to copy it to the server, as the app starts automatically upon login.

    Read the article

  • Verify linux user passwords

    - by zero_r
    Hi there I got a linux server that has several dozen users. I also have the cleartext password for every user (i know - bad security). I would like to know if the passwords are correct. Since the users are all ftp users and have the nologin shell, I cannot just write a script to check if login works. How can I do a local check on passwords? Script output could look like this: $ check_userpw < user_pw_list.txt user1 ok user2 ok user3 mismatch! user4 ok Thanks

    Read the article

  • Password protect app in jetty

    - by JohnW
    I am testing a webapp (.war) running in Jetty 7. For demo purposes I want to run this on a public URL, however I would like not to have the whole world (if they happen to come across the URL) be able to see it. Is there a way to make Jetty require a basic-auth type of authentication when accessing the webapp (without modifying anything inside the war, i.e. no edits on the web.xml file)? Or if not the webapp, then any part of what Jetty provides at port 8080?

    Read the article

  • Store system passwords with easy and secure access

    - by CodeShining
    I'm having to handle several VPS/services and I always set passwords to be different and random. What kind of storage do you suggest to keep these passwords safe and let me access them easily? These passwords are used for services like databases, webserver user and so on that run customers' services, so it's really important to keep them in a safe place and strong. I'm actually storing them in a google drive spreadsheet file, describing user, password, role, service. Do you know of better solutions? I'd like to keep them on a remote service to make sure I don't have to make backup copies (in case my hdd would fail somehow). I do work on *nix platforms (so windows specific solutions are not a choice here).

    Read the article

  • django: caching passwords for custom authentication

    - by gruszczy
    I am authenticating users in ldap, but this happens only once, when user is logging in. Afterwards I need to keep username and password, because before every ldap operation I need to make bind on ldap server before every operation. What is the safe way to cache this password (I can't store in the database or cookies) for as long as session persists.

    Read the article

  • Am I supposed to store hashes for passwords?

    - by Doug
    User System and Passwords: I was looking through MD5 stuff, and I am wondering what is the normal/good practice for passwords. Right now, I think people super encrypt the passwords and store the hashes. If so, how does password checking work? I just have the input password go through the encryption process again and then check the hash with the stored one, correct? This question may contradict the above, but should my salt ever be a randomly generated value?

    Read the article

  • ODBC continually prompts for password

    - by doublej92
    I have an application built in Access 2003 that uses a system DSN ODBC to connect to a SQL Server. The ODBC uses SQL authentication. When the application is started, the user is prompted to authenticate into the database. I have another computer set up within the same domain that has Access 2007 installed on it. I log in using the same credentials that I use to get on the machine that has Access 2003. I converted my application to Access 2007 format and everything works fine. However, when other users try to use the application, they are prompted to enter the database password every time a table is accessed. Thinking it was a problem with my ODBC, I confirmed that the connections were set up the same way on both of my machines, and the user's machine. Here is the interesting part, when the user logged into my machine, it started prompting for the password every time. When I logged into the user's machine, the application worked fine. Anyone have any ideas? All help is appreciated!

    Read the article

  • Programmatically Set Proxy Address, Port, User, Password throught Windows Registry

    - by Fábio Antunes
    I'm writing a small C# application that will use Internet Explorer to interact with a couple a websites, with help from WatiN. However, it will also require from time to time to use a proxy. I've came across Programmatically Set Browser Proxy Settings in C#, but this only enables me to enter a proxy address, and I also need to enter a Proxy username and password. How can I do that? Note: It doesn't matter if a solution changes the entire system Internet settings. However, I would prefer to change only IE proxy settings (for any connection). The solution has to work with IE8 and Windows XP SP3 or higher. I'd like to have the possibility to read the Proxy settings first, so that later I can undo my changes. EDIT With the help of the Windows Registry accessible through Microsoft.Win32.RegistryKey, i was able to apply a proxy something like this: RegistryKey registry = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", true); registry.SetValue("ProxyEnable", 1); registry.SetValue("ProxyServer", "127.0.0.1:8080"); But how can i specify a username and a password to login at the proxy server? I also noticed that IE doesn't refresh the Proxy details for its connections once the registry was changed how can i order IE to refresh its connection settings from the registry? Thanks

    Read the article

  • Div click and AUTOCOMPLETE password dialog problem

    - by ticky
    And what if you want to autocomplete passwords? I am using similar thing here... I am using Div (id=loginButton) and it has some image - I don't want button control in MVC application (), neither image button. I have hidden input control which is hidden button actually (id=submit_btn). So, on div's (id=loginButton) click, I want to call hidden input control (id=submit_btn) and it's submit action. HTML: <div id="loginButton" > </div> <input type="submit" style="display:none" name="submit" id="submit_btn" /> And JQuery: $(document).ready(function() { $('#loginButton').click(function() { $('#LoginForm').submit(); }); $("form[action$='HandleLoginForm']").submit(function() { Login(); return false; }); return false; }); Function Login() is working with Ajax, without downloading file dialog, but I need also auto complete passwords dialog. function Login() { var urlData = $("#LoginForm").serialize(); if (returnUrl != "") { urlData = $("#LoginForm").serialize() + "&returnUrl=" + returnUrl; } $.ajax({ url: $("#LoginForm").attr("action"), type: "POST", data: urlData, dataType: "json", success: function(result) { if (result.Content != null) { if (result.Valid) { window.location = result.Content.toString(); } else { document.body.innerHTML = result.Content.toString(); } } } }); return false; } It is easy when you use only <input type="submit"> instead of DIV. Form knows that it is for auto completing passwords, but if I use div and force hidden button click like in the code from below, it doesn't show autocomplete password dialog. $('#submit_btn').click(); It will not work. User is logged in, but no reminding for browser to store password. I need this.

    Read the article

  • Verifying existence of name and password in NSUserDefaults to Skip a login/Screen

    - by Michael Robinson
    I have a Tabbar/Tableview App that modally loads a Login/Signup view when the app loads, I have set up a Root.plist in a settings bundle for the name and password and have successfully retrieved the items. I want to be able to do two things: 1) Do a test to see if the NSUserDefault Strings are empty and if so load the Login/Signup view. 2) If the strings are available then use the string contents to login to my Webservice. Thanks in advance. Here is my LoginViewController .m : @synthesize usernameField; @synthesize passwordField; @synthesize loginButton; @synthesize loginIndicator; @synthesize usernameLabel; @synthesize passwordLabel; -(void)refreshFields { NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults]; usernameLabel.text = [defaults objectForKey:kUsernameKey]; passwordLabel.text = [defaults objectForKey:kPasswordKey]; } - (void)viewDidAppear:(BOOL)animated { [self refreshFields]; [super viewDidAppear:animated]; } - (void)viewDidLoad { [super viewDidLoad]; [self refreshFields]; [self.navigationController setNavigationBarHidden:YES animated:NO]; } - (IBAction) login: (id) sender { { NSString *post =[NSString stringWithFormat:@"username=%@&password=%@",usernameField.text, passwordField.text]; NSString *hostStr = @"http:~iphone_login.php?"; hostStr = [hostStr stringByAppendingString:post]; NSData *dataURL = [NSData dataWithContentsOfURL: [ NSURL URLWithString: hostStr ]]; NSString *serverOutput = [[NSString alloc] initWithData:dataURL encoding: NSASCIIStringEncoding]; NSLog(@"Site: %@",hostStr); NSLog(@"Site: %@",serverOutput); if([serverOutput isEqualToString:@"Yes"]){ UIAlertView *alertsuccess = [[UIAlertView alloc] initWithTitle:@"Congrats" message:@"You are authorized " delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil, nil]; [alertsuccess show]; [alertsuccess release];

    Read the article

  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

    Read the article

  • TeamCity forgotten admin password - where to look?

    - by Schneider
    I need to recover/reset the admin password for JetBrain's TeamCity. I have full RDP access to the server so no problems there. It's just been 2 months since we used it so now I have forgotten my login - my usual ones don't work. It is setup without a database at the moment, so was hoping the usernames would just be in a file somewhere, but no luck finding it so far.

    Read the article

  • javamail:username password not accepted

    - by bobby
    i get this error when i try to send a mail using javamail api,im sure that the code is correct and username and password are 100% correct,and the gmail account which im connecting is an older account(bcoz they say it takes time for it to work with new account) DEBUG SMTP RCVD: 535-5.7.1 Username and Password not accepted. Learn more at 535 5.7.1 http://mail.google.com/support/bin/answer.py?answer=14257 x35sm3011668 wfh.6 javax.mail.SendFailedException: Sending failed; nested exception is: javax.mail.AuthenticationFailedException at javax.mail.Transport.send0(Transport.java:218) at javax.mail.Transport.send(Transport.java:80) at Main.(Main.java:41) at Main.main(Main.java:51) and this is my code: import javax.mail.*; import javax.mail.internet.*; import java.util.*; public class Main { String d_email = "[email protected]", d_password = "pass", d_host = "smtp.gmail.com", d_port = "465", m_to = "[email protected]", m_subject = "Testing", m_text = "testing email."; public Main() { Properties props = new Properties(); props.put("mail.smtp.user", d_email); props.put("mail.smtp.host", d_host); props.put("mail.smtp.port", d_port); props.put("mail.smtp.starttls.enable","true"); props.put("mail.smtp.auth", "true"); props.put("mail.smtp.debug", "true"); props.put("mail.smtp.socketFactory.port", d_port); props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory"); props.put("mail.smtp.socketFactory.fallback", "false"); SecurityManager security = System.getSecurityManager(); try { Authenticator auth = new SMTPAuthenticator(); Session session = Session.getInstance(props, auth); session.setDebug(true); MimeMessage msg = new MimeMessage(session); msg.setText(m_text); msg.setSubject(m_subject); msg.setFrom(new InternetAddress(d_email)); msg.addRecipient(Message.RecipientType.TO, new InternetAddress(m_to)); Transport.send(msg); } catch (Exception mex) { mex.printStackTrace(); } } public static void main(String[] args) { Main blah = new Main(); } private class SMTPAuthenticator extends javax.mail.Authenticator { public PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication(d_email, d_password); } } }

    Read the article

  • It's not just “Single Sign-on” by Steve Knott (aurionPro SENA)

    - by Greg Jensen
    It is true that Oracle Enterprise Single Sign-on (Oracle ESSO) started out as purely an application single sign-on tool but as we have seen in the previous articles in this series the product has matured into a suite of tools that can do more than just automated single sign-on and can also provide rapidly deployed, cost effective solution to many demanding password management problems. In the last article of this series I would like to discuss three cases where customers faced password scenarios that required more than just single sign-on and how some of the less well known tools in the Oracle ESSO suite “kitbag” helped solve these challenges. Case #1 One of the issues often faced by our customers is how to keep their applications compliant. I had a client who liked the idea of automated single sign-on for most of his applications but had a key requirement to actually increase the security for one specific SOX application. For the SOX application he wanted to secure access by using two-factor authentication with a smartcard. The problem was that the application did not support two-factor authentication. The solution was to use a feature from the Oracle ESSO suite called authentication manager. This feature enables you to have multiple authentication methods for the same user which in this case was a smartcard and the Windows password.  Within authentication manager each authenticator can be configured with a security grade so we gave the smartcard a high grade and the Windows password a normal grade. Security grading in Oracle ESSO can be configured on a per application basis so we set the SOX application to require the higher grade smartcard authenticator. The end result for the user was that they enjoyed automated single sign-on for most of the applications apart from the SOX application. When the SOX application was launched, the user was required by ESSO to present their smartcard before being given access to the application. Case #2 Another example solving compliance issues was in the case of a large energy company who had a number of core billing applications. New regulations required that users change their password regularly and use a complex password. The problem facing the customer was that the core billing applications did not have any native user password change functionality. The customer could not replace the core applications because of the cost and time required to re-develop them. With a reputation for innovation aurionPro SENA were approached to provide a solution to this problem using Oracle ESSO. Oracle ESSO has a password expiry feature that can be triggered periodically based on the timestamp of the users’ last password creation therefore our strategy here was to leverage this feature to provide the password change experience. The trigger can launch an application change password event however in this scenario there was no native change password feature that could be launched therefore a “dummy” change password screen was created that could imitate the missing change password function and connect to the application database on behalf of the user. Oracle ESSO was configured to trigger a change password event every 60 days. After this period if the user launched the application Oracle ESSO would detect the logon screen and invoke the password expiry feature. Oracle ESSO would trigger the “dummy screen,” detect it automatically as the application change password screen and insert a complex password on behalf of the user. After the password event had completed the user was logged on to the application with their new password. All this was provided at a fraction of the cost of re-developing the core applications. Case #3 Recent popular initiatives such as the BYOD and working from home schemes bring with them many challenges in administering “unmanaged machines” and sometimes “unmanageable users.” In a recent case, a client had a dispersed community of casual contractors who worked for the business using their own laptops to access applications. To improve security the around password management the security goal was to provision the passwords directly to these contractors. In a previous article we saw how Oracle ESSO has the capability to provision passwords through Provisioning Gateway but the challenge in this scenario was how to get the Oracle ESSO agent to the casual contractor on an unmanaged machine. The answer was to use another tool in the suite, Oracle ESSO Anywhere. This component can compile the normal Oracle ESSO functionality into a deployment package that can be made available from a website in a similar way to a streamed application. The ESSO Anywhere agent does not actually install into the registry or program files but runs in a folder within the user’s profile therefore no local administrator rights are required for installation. The ESSO Anywhere package can also be configured to stay persistent or disable itself at the end of the user’s session. In this case the user just needed to be told where the website package was located and download the package. Once the download was complete the agent started automatically and the user was provided with single sign-on to their applications without ever knowing the application passwords. Finally, as we have seen in these series Oracle ESSO not only has great utilities in its own tool box but also has direct integration with Oracle Privileged Account Manager, Oracle Identity Manager and Oracle Access Manager. Integrated together with these tools provides a complete and complementary platform to address even the most complex identity and access management requirements. So what next for Oracle ESSO? “Agentless ESSO available in the cloud” – but that will be a subject for a future Oracle ESSO series!                                                                                                                               

    Read the article

  • Connect to an irc server with password

    - by hvtuananh
    I'm writing script in remote.ini The script looks like on 1:start:{ server some.irc.server server -m another.irc.server } The script works well as when I open mIRC, it automatically connect to 2 servers above Now, I want to connect to an irc server that require password, say abcdef How can I write script in remote.ini to connect to this server?

    Read the article

  • Django SMTP and secure password authentication

    - by Lehych
    I have an SMTP server that e`uires secure password authentication (e.g. Outlook requires to check SPA). Is there a way to deal with it with Django SMTPConnection? Or maby any ideas about any python solution to deal SPA? Honestly, I couldn't find enough about SPA, to understand what is it exactly: * en.wikipedia:Secure_Password_Authentication * http://www.kuro5hin.org/?op=displaystory;sid=2002/4/28/1436/66154

    Read the article

< Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >