Docs/SysAdmin/Security/Passwords

From Mandriva Community Wiki

Jump to: navigation, search


This article covers commonly encountered issues to do with passwords.

Contents

Lost password

For regular user accounts

If you have a system or network administrator, ask the administrator to change your password.

If you administer your own system, use the command passwd username as root to change the password of user 'username'.

For root account

You really should not forget the root password.

Reboot the computer. When lilo starts, press [Esc]. Enter linux 1 or linux single. This will boot Mandriva Linux in runlevel 1 (single-user mode): you will be logged in directly as root.

Use passwd to change your password.

Then, you don't even need to reboot: just type telinit 5 (this gets you to runlevel 5) and normal startup will proceed.

If you are wondering "can anyone with physical access to my computer do this?", the answer is yes. In order to prevent this, see Physical security.

Changing passwords

The passwd command is used to change your password and it is recommended that you do so quite regularly to reduce the chances of an intruder compromising your system. Your user password is usually held in the file /etc/passwd, and if you are using shadow passwords, the password is held in the file /etc/shadow, which is more secure than /etc/passwd because it can only be read from and written to by the user 'root'.

The super user 'root' can also change another user's password by entering passwd username (where username is the username that you wish to change the password for).

Some helpful hints:

  • Try to choose a password that is hard to guess.
  • Try to include numbers or symbols in the password, preferably at the start, middle and end.
  • Try to make sure your password is greater than 8 characters in length.

There are password crackers, like "Crack" or "John the ripper". There are also libraries like "libCrack" which will test your password for weakness. All they do is try a lot of passwords until they happen across yours. But these password crackers first try a certain list of passwords which are commonly used. These especially weak passwords are:

  • password same as login
  • a date
  • a dictionary word
  • a combination of 4 letters and 2 digits
  • common passwords like 'password', '123456', 'boss'

A password cracking tool cannot possibly know personal information about you, but the people surrounding you do, so try not to use personal data like:

  • Your pet's name
  • Your mother's maiden name
  • The place where you live
  • Your favorite beer

In other words, a good password should be composed of all kind of characters (not only lower- and upper-case letters and numbers, but also special characters like #!=;-).

  • Protect your password

You must memorize your password. Don't write it anywhere. Use unrelated passwords for systems controlled by different organizations.

  • Use encrypted connections

Never use telnet, but ssh instead.

yppasswd - Update a user password in the NIS database

The standard passwd cannot be used under Linux to change the user's NIS password, because it only modifies the password file on the local host. For NIS configurations, it is replaced by its NIS counterpart yppasswd.

Personal tools