Search Results

Search found 1522 results on 61 pages for 'passwords'.

Page 7/61 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • How to implement dynamic changing password for this scenario?

    - by Mike108
    What is the Best practice of dynamic changing password for this scenario? The scenario is: There are three web apps using ASP.NET. App1 checks the passwords of app2/app3 to authenticate the identity, and if app2/app3 is authenticated then app1 is allowed to receive information from App2 and App3. And app1 has to change the passwords of app2/app3 every two hour for security reason. Is it possible that there is a way to implement this scenario without app1 saving the passwords of app2/app3 for security reason? Or is there any best practice for dynamic changing password scenario?

    Read the article

  • Secure hash and salt for PHP passwords

    - by luiscubal
    It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. Is “double hashing” a password less secure than just hashing it once? Suggests that hashing multiple times may be a good idea. How to implement password protection for individual files? Suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters. The hashing mechanism must be available in PHP It must be safe It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?) Also, should I store two fields in the database(one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism. EDIT: The website shouldn't contain anything too sensitive, but still I want it to be secure. EDIT2: Thank you all for your replies, I'm using hash("sha256",$salt.":".$password.":".$id) Questions that didn't help: What's the difference between SHA and MD5 in PHP Simple Password Encryption Secure methods of storing keys, passwords for asp.net How would you implement salted passwords in Tomcat 5.5

    Read the article

  • repeated failing passwords in linux security log (/var/log/secure)

    - by wallyk
    Recently, I opened up the SSH port through my firewalls (and redirecting to my server) so I could check on the (http) server while on the road. The first week or two there was nothing different. But now, three or four weeks later, I see lots of this: Mar 20 08:38:28 localhost sshd[21895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:31 localhost sshd[21895]: Failed password for root from 207.210.101.209 port 2854 ssh2 Mar 20 15:38:31 localhost sshd[21896]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:32 localhost unix_chkpwd[21900]: password check failed for user (root) Mar 20 08:38:32 localhost sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:34 localhost sshd[21898]: Failed password for root from 207.210.101.209 port 3729 ssh2 Mar 20 15:38:35 localhost sshd[21899]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:36 localhost unix_chkpwd[21903]: password check failed for user (root) Mar 20 08:38:36 localhost sshd[21901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:38 localhost sshd[21901]: Failed password for root from 207.210.101.209 port 4313 ssh2 Mar 20 15:38:38 localhost sshd[21902]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:40 localhost unix_chkpwd[21906]: password check failed for user (root) Mar 20 08:38:40 localhost sshd[21904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:42 localhost sshd[21904]: Failed password for root from 207.210.101.209 port 4869 ssh2 Mar 20 15:38:43 localhost sshd[21905]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:44 localhost unix_chkpwd[21909]: password check failed for user (root) Mar 20 08:38:44 localhost sshd[21907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:46 localhost sshd[21907]: Failed password for root from 207.210.101.209 port 2512 ssh2 Mar 20 15:38:47 localhost sshd[21908]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 15:38:57 localhost sshd[21912]: Connection closed by 207.210.101.209 There are about 1100 lines of these for March 20th, zero for the 19th, and 800 or so for the 18th—all related to the same IP. What does it mean? What should I do? Why isn't it chronological?

    Read the article

  • DCOM configuration: accounts with same name but different passwords problem

    - by archimed7592
    Hello, everybody! I'm experiencing troubles with DCOM configuration. Here is the case: I'm using some product which supports client-server interaction through DCOM, but the client won't get any access to the server if the attempt is being done from an account with a name which exists at the server as well, but has different password. Basically, if we try to access the server from the Administrator account which obviously present on the server machine, we will fail if client's Administrator password doesn't match server's one. After actively collaborating with the product's developer in attempts to localize the issue, he come across with resolution "can't be fixed" or, if you prefer to call a pikestaff a pikestaff than it's more likely a "don't know how to fix" resolution :). I believe there is a solution for this problem and I'm asking you, IT professionals, to help me out with this one. I do realize that the problem may be caused by the way the developer interact with DCOM and if so it can't be fixed be means of pure system configuration and the question should be asked at SO, but since I've bumped into the same behavior while working with file/printer sharing - Windows tried to simplify everything and used currently impersonated credentials to access the share, I hope the solution lies at system configuration layer. P.S. I believe that the actual software product I'm talking about is entirely irrelevant however my experience tell me that there always would be somebody who will think that it on the contrary is very relevant. Here it is: SpRecord.

    Read the article

  • Stop Windows Domain Environment Caching Old Passwords?

    - by Daryl Gill
    I have noticed on my domain environment; the old Administrator password (before password expire).. The client machines have cached the old password and have the ability to bypass the new password by entering the old one..? I have noticed on my domain environment; the old Administrator password (before password expire).. The client machines have cached the old password and have the ability to bypass the new password by entering the old one..? Basically; I'm running a UAC enabled domain, which needs the administrator password to continue basic stuff; installations and such. The password for the administrator account has been changed due to expiration of said accounts password. By accident a fellow administrator typed the old password and still bypassed the UAC with what should have been the incorrect password. Is this a bug with the environment? or something that needs to be tweaked in the server sided settings? Is this a bug with the environment? or something that needs to be tweaked in the server sided settings?

    Read the article

  • Building RPM containing passwords

    - by Kuf
    I need to be able to send an RPM to customers that will install the complete server, including Apache and MySQL. The customers will install it on a clean machine. After installation, the server should connect to our main DB, so I though of including the password in the RPM somehow, encrypted if possible. The reason I'm asking this is because I'm pretty sure that it's not wise to save the password in the rpm scripts. I was hoping that someone else had a similar problem and managed to solve that somehow. If anyone knows a way to do that, or have a better idea please share!

    Read the article

  • Passwords and Keys in Linux

    - by PeanutsMonkey
    In a fit of desperation when I had my wireless connection die on me, I thought it was a problem with the key I had created at the start when I initially configured the wireless connection and hence deleted it. The option to create the key had presented itself when I created the wireless connection. It no longer asks me to. Now I am back online, do I have re-create the password and key I had before? If so, what do I choose and why? The options I have are as follows; PGP Stored password Password keyring Secure shell key The first and last option seem to be obvious and I have no idea about the differences between the second and third options. Why do I need a stored password or password keyring in all scenarios and not just the wireless issue I ran into? EDIT 0 Further to Belisama's comment, I have amended my question. EDIT 1 As requested, I have attached a screenshot

    Read the article

  • Managing DroboShare SSH usernames and passwords

    - by user17067
    The default login for SSH on the droboshare is a user name of root with a password of giveit2me. With the command passwd the password can be changed. However I can't find anyway to change the default user name. Since any Unix based has a user named root this kinda bugs me as a minor security issue. Does anyone know how to change the user name for droboshare SSH logins? The SSH program being used is a variant of dropbear if that is any help.

    Read the article

  • dovecot login issue with plain passwords

    - by user3028
    I am having an odd problem in dovecot, the first time I try to login via telnet dovecot gives a error, the second time it works, both within the same telnet session. This is the telnet session, note the 'BAD Error in IMAP command received by server' and the "a OK" just after that : telnet 192.168.1.2 143 * OK Waiting for authentication process to respond.. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a login someUserLogin supersecretpassword * BAD Error in IMAP command received by server. a login someUserLogin supersecretpassword a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in dovecot configuration >dovecot -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.5.0-34-generic x86_64 Ubuntu 12.04.2 LTS auth_debug = yes auth_verbose = yes disable_plaintext_auth = no login_trusted_networks = 192.168.1.0/16 mail_location = maildir:~/Maildir passdb { driver = pam } protocols = " imap" ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem userdb { driver = passwd } This is the log file: Jul 3 12:27:51 linuxServer dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Jul 3 12:27:51 linuxServer dovecot: auth: Debug: auth client connected (pid=23499) Jul 3 12:28:06 linuxServer dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011no-penalty#011lip=192.168.1.2#011rip=192.169.1.3#011lport=143#011rport=50438#011resp=<hidden> Jul 3 12:28:06 linuxServer dovecot: auth-worker: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Jul 3 12:28:06 linuxServer dovecot: auth-worker: Debug: pam(someUserLogin,192.169.1.3): lookup service=dovecot Jul 3 12:28:06 linuxServer dovecot: auth-worker: Debug: pam(someUserLogin,192.169.1.3): #1/1 style=1 msg=Password: Jul 3 12:28:06 linuxServer dovecot: auth: Debug: client out: OK#0111#011user=someUserLogin Jul 3 12:28:06 linuxServer dovecot: auth: Debug: master in: REQUEST#0111823473665#01123499#0111#0113a58da53e091957d3cd306ac4114f0b9 Jul 3 12:28:06 linuxServer dovecot: auth: Debug: passwd(someUserLogin,192.169.1.3): lookup Jul 3 12:28:06 linuxServer dovecot: auth: Debug: master out: USER#0111823473665#011someUserLogin#011system_groups_user=someUserLogin#011uid=1000#011gid=1000#011home=/home/someUserLogin Jul 3 12:28:06 linuxServer dovecot: imap-login: Login: user=<someUserLogin>, method=PLAIN, rip=192.169.1.3, lip=192.168.1.2, mpid=23503, secured

    Read the article

  • Which wireless keyboard is most secure?

    - by Axxmasterr
    I want to allow someone to use a keyboard wirelessly but I am concerned that the user passwords will be sent across the wire too. Is there a wireless keyboard that encrypts the keystream? I bought an IR keyboard setup however it lacks the range to be useful more than a few feet away from the detector. I need a range of 10 feet.

    Read the article

  • Logon onto shared Windows account using individual passwords?

    - by Tom
    In a networked WinXP environment, I have a computer-controlled device which I want to connect to the network, but allow various people to use. The computer must be left running and logged on at all times. My thought is to run the computer under a "shared account" which would allow each user to logon/unlock the screen using their own network password (i.e., the password for their personal account). Is this possible? Thanks, Tom

    Read the article

  • prevent use of 'net user' command to change passwords on windows vista / xp

    - by guest
    hello the point is, if i'm logged in (and as almost every windows user, i've got an admin-account), and someone comes across my not locked pc, it is possible to change my password the pro-way through using: net user Admin %NEW_PASSWD% what can i do to prevent that, besides not being logged in as admin. i once saw a way, where the 'net user' command was substituted by a .bat file. so if you call 'net user Admin ...', it runs this .bat-file instead, which locks the notebook immediately. problem is, i honestly don't know how i could let windows substitute eg net.exe with a .bat-file. (too little windows knowledge) do you know any way how to do it? i'd appreciate it.

    Read the article

  • using web proxies - safe to enter passwords?

    - by bergin
    Hi Wanted to check something on a local site and see how the outside world sees it. however, using a web proxy im not sure that when i enter my credentials the proxy wont record this and give the proxy owner access to my site. is there another way to see my own site as though I was on the other side?

    Read the article

  • Random password generator: many, in columns, on command line, in Linux

    - by Adam Backstrom
    A while back, I came across a random password generator for the command line that displayed a grid of "memorable" passwords. Output was something like this: adam@host:~$ CantRememberThisCommand lkajsdf aksjdfl kqwrupo qwerpoi qwerklw zxlkelq The idea was that you could run this utility while someone was looking over your shoulder, and still pick a password with some level of secrecy due to the large number of choices. I cannot remember what this utility was called. Oh interwebs, can you help?

    Read the article

  • Adding local users / passwords on Kerberized Linux box

    - by Brian
    Right now if I try to add a non-system user not in the university's Kerberos realm I am prompted for a Kerberos password anyway. Obviously there is no password to be entered, so I just press enter and see: passwd: Authentication token manipulation error passwd: password unchanged Typing passwd newuser has the same issue with the same message. I tried using pwconv in the hopes that only a shadow entry was needed, but it changed nothing. I want to be able to add a local user not in the realm and give them a local password without being bothered about Kerberos. I am on Ubuntu 10.04. Here are my /etc/pam.d/common-* files (the defaults that Ubuntu's pam-auth-update package generates): account # here are the per-package modules (the "Primary" block) account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) account required pam_krb5.so minimum_uid=1000 # end of pam-auth-update config auth # here are the per-package modules (the "Primary" block) auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config password # here are the per-package modules (the "Primary" block) password requisite pam_krb5.so minimum_uid=1000 password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 # here's the fallback if no module succeeds password requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around password required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config session # here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) session optional pam_krb5.so minimum_uid=1000 session required pam_unix.so # end of pam-auth-update config

    Read the article

  • Can GnomeKeyring store passwords unencrypted?

    - by antimeme
    I have a Fedora 15 laptop with the root and home partitions encrypted using LUKS. When it boots I have to enter a pass phrase to unlock the master key, so I have it configured to automatically log me in to my account. However, GnomeKeyring remains locked, so I have to enter another pass phrase for that. This is unpleasant and completely pointless since the entire disk is encrypted. I've not been able to find a way to configure GnomeKeyring to store its pass phrases without encryption. For example, I was not able to find an answer here: http://library.gnome.org/users/seahorse-plugins/stable/index.html.en Is there a solution? If not, is there a mailing list where it would be appropriate to plead my case?

    Read the article

  • Domain Password change causes Outlook saved POP passwords to fail

    - by Mike
    I have a user that repeatedly has this issue. A 3 month password change is enforced on the domain, but when the user changes his, Office 2003 will re-ask for the POP account password, even though it has not changed. Entering the correct POP account password causes it to repeatedly fail. If you go and change the POP password and enter the new one, then it is fine. He's the only one with this issue, but also the only user with both an Exchange and POP account. Any ideas guys? Thanks in advance :)

    Read the article

  • Domain Password change causes Outlook saved POP passwords to fail

    - by Mike
    I have a user that repeatedly has this issue. A 3 month password change is enforced on the domain, but when the user changes his, Office 2003 will re-ask for the POP account password, even though it has not changed. Entering the correct POP account password causes it to repeatedly fail. If you go and change the POP password and enter the new one, then it is fine. He's the only one with this issue, but also the only user with both an Exchange and POP account. Any ideas guys? Thanks in advance :)

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >