Password management

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
Satoru
Posts: 489
Joined: Sun Feb 23, 2003 2:07 am
Location: Italy
Contact:

Password management

Unread postby Satoru » Tue May 27, 2003 2:34 am

I don't like the default password policies of Irix (6.5.14f currently installed) and I'd like to use password longer than 8 character and even without numbers.
Where I have to go to set this?

Thanks
Marco

shrek
Posts: 260
Joined: Fri Apr 18, 2003 1:32 pm
Location: Vleuten, The Netherlands
Contact:

Unread postby shrek » Tue May 27, 2003 4:31 am

I would like to know that too! On my previous server I had the oppertunity to use MD5 for password (as a setup question) but I haven't seen anything like that for SGI so I anyone knows....

orionpi
Posts: 110
Joined: Thu Jan 30, 2003 12:58 am
Location: Seattle
Contact:

Unread postby orionpi » Tue May 27, 2003 2:11 pm

You can set longer passwords at the command line. Not sure is it has relaxed password streanth checking. You can enable MD5 in the System Manager -> Security and Access Control -> Imporve System Security.

User avatar
Slide
Posts: 114
Joined: Thu Jan 23, 2003 5:10 am
Location: WI, US
Contact:

Unread postby Slide » Wed May 28, 2003 5:56 am

Using longer passwords without using MD5 is probably not going to accomplish much, as most system libraries only crypt/store the first 8 characters, so while your password might be 16 chars long, the system will pass authentication if you only enter the first 8.

Enabling MD5 should encourage the system to pay attention to the entire password, but I'm unsure whether this will relaxe any password strength enforcement or not.

<soapbox>
It's not a good idea to relaxe password strength requirements anyway, as they are put in place for a specific purpose -- to keep your machine/network safe. Obviously, if the machine is behind a tight firewall at your house, or isn't connected to the Internet at all, then this is probably a moot point, but if your machine is connected to the 'net, and/or in an office/public facility/etc., I would strongly suggest abiding by whatever password strength requirements the OS throws at you. It's easier to remember a password like 'alph4b3t5oup' that's stored inside an MD5 hash than it is to reinstall your OS after an unwanted intruder has trojan'd your box and destroyed several key services...
</soapbox>

Cheers!

Satoru
Posts: 489
Joined: Sun Feb 23, 2003 2:07 am
Location: Italy
Contact:

Unread postby Satoru » Wed May 28, 2003 8:29 am

Well, at the moment I'm not provided with a full time internet connection at home, that's where the machine will be sitting.
It's also my desire once such connection become available to have the Indigo2 behaving like a proxy/firewal and in general as the "service provider" of my house.
As I have several machines at home I'd prefer to have the same administrative password for all of them.
The machine is currently requiring a password that is 6-to-8 char including both letters and numbers: I don't really feel this to be a lot stronger than maybe 18 letters.
I also expect to be able to set the builtin 10mbit interface as not trusted and having the connection on this network initialized from the I2 itself while the EISA 100 bit will connect to the home network providing all the services like DNS, DHCP, NFS ecc...
I'll work on that :)

Bye
Marco/Sat

shrek
Posts: 260
Joined: Fri Apr 18, 2003 1:32 pm
Location: Vleuten, The Netherlands
Contact:

Unread postby shrek » Wed May 28, 2003 10:48 am

Is MD5 new or something? I can't find the option on my Origin 200 (IRIX 6.5.17m)

Options available at "Improve System Security":
Require root passwrod
Disable Java/JavaScript for root
remove NIS accounts
Use shadow password file
Require passwords at login
Disable the Visual Login Screen
Disable privileged users
Protect new users' files
disable remote display
Disable IP forwarding
Disable Outbox Web Server

So my question is this only available using an extra software package or is it only in a later version of IRIX?

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Unread postby nekonoko » Wed May 28, 2003 10:53 am

I don't see it in my install of 6.5.20 either ...
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

Satoru
Posts: 489
Joined: Sun Feb 23, 2003 2:07 am
Location: Italy
Contact:

Unread postby Satoru » Fri May 30, 2003 5:39 am

Option not available on the graphic interface for 6.5.14...
Maybe we shoul look into some esotheric configration file?

Marco/Sat

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Unread postby nekonoko » Sat Jun 14, 2003 10:44 pm

Satoru wrote:Option not available on the graphic interface for 6.5.14...
Maybe we shoul look into some esotheric configration file?

Marco/Sat


IRIX doesn't support long passwords or MD5 at this time.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest