The problem with the password (security)


Postby x-myrza » 2017-04-13 07:45

The problem with the password. For example, say I have a password with different characters and at the end one more character. For example, "QWERTY123!". I go to the server with two passwords: 1. "QWERTY123!" and 2. "QWERTY123". How can this be understood?
OS Debian 8 x64
x-myrza
 
Posts: 7
Joined: 2017-04-13 07:36

Re: The problem with the password (security)

Postby debiman » 2017-04-13 07:58

i don't understand the question.
these are 2 different passwords, full stop.

also, you have chosen an extremely insecure password. i hope this is just an example.
debiman
 
Posts: 1017
Joined: 2013-03-12 07:18

Re: The problem with the password (security)

Postby x-myrza » 2017-04-13 08:29

Sorry for my bad English... Yes, this is the password example. I enter the server with two passwords "QWERTY123!" & "QWERTY123"
x-myrza
 
Posts: 7
Joined: 2017-04-13 07:36

Re: The problem with the password (security)

Postby debiman » 2017-04-13 10:46

"I enter the server" doesn't really tell me anything.
please provide much more information.
click on this link: http://catb.org/~esr/faqs/smart-questions.html
and read.

afaik, one user has one password.
what you are showing me are 2 different passwords.
debiman
 
Posts: 1017
Joined: 2013-03-12 07:18

Re: The problem with the password (security)

Postby rovernut » 2017-04-13 22:44

I suspect he means he set his password to QUERTY123! but can also log on with QUERTY123

Personally I've never seen that, but also never tried to do it.
Tom Rowe

Four wheel drive allows you to get stuck
in places even more inaccessible.
rovernut
 
Posts: 82
Joined: 2013-11-20 10:50

Re: The problem with the password (security)

Postby GarryRicketson » 2017-04-14 01:33

The OP is not telling us enough, but my guess is something like this is going on.


https://tools.ietf.org/html/rfc4519#section-2.41
RFC 4519 LDAP: Schema for User Applications June 2006


use a different password generated by some automated system. During
transitional periods, like the last and first day of the periods, it
may be necessary to allow two passwords for the two consecutive
periods to be valid in the system.


I found the above because I did not think this is possible, but it is :
Is it possible 2 different passwords could work for 1 user on linux
https://unix.stackexchange.com/questions/90684/can-you-give-a-user-account-multiple-passwords
An example of a need for multiple values in the 'userPassword' attribute is an environment where every month the user is expected to use a different password generated by some automated system. During transitional periods, like the last and first day of the periods, it may be necessary to allow two passwords for the two consecutive periods to be valid in the system.

More :
On the Linux side, nothing forbids to do it (here an account named testuser was given both pass1 and pass2 as userPassword attribute values):

Code:
$ uname -a
Linux lx-vb 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:16:28 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ grep VERSION /etc/os-release
VERSION="13.04, Raring Ringtail"
$ grep "^passwd" /etc/nsswitch.conf
passwd: files ldap
$ ldapsearch -LLL -h localhost -p 1389 -D "cn=directory manager" -w xxxxxxxx "uid=testuser" userPassword
dn: uid=testuser,ou=People,dc=example,dc=com
userPassword:: e1NTSEF9b2JWYXFDcjhNQmNJVXZXVHMzbE40SFlReStldC9XNFZ0NU4yRmc9PQ==
userPassword:: e1NTSEF9eDlnRGZ5b0NhKzNROTIzOTFha1NiR2VTMFJabjNKSWYyNkN3cUE9PQ==
$ grep testuser /etc/passwd
$ getent passwd testuser
testuser:*:12345:12345:ldap test user:/home/testuser:/bin/sh
$ sshpass -p pass1 ssh testuser@localhost id
uid=12345(testuser) gid=12345 groups=12345
$ sshpass -p pass2 ssh testuser@localhost id
uid=12345(testuser) gid=12345 groups=12345
$ sshpass -p pass3 ssh testuser@localhost id
Permission denied, please try again.


x-myrza wrote:Sorry for my bad English... Yes, this is the password example. I enter the server with two passwords "QWERTY123!" & "QWERTY123"

Why is it set up that way ?

I do not think it is something that could occur by accident... maybe the OP should ask their system administrator, or server admin, how and why it has been set up this way.

by x-myrza » How can this be understood?

It didn't make sense to me, and I did not understand the question. I still don't understand the question very well, but doing a tiny bit of searching helped me understand how this is possible and how it could be accomplished, if that is what the OP is asking. Likewise it could be undone... in fact, more than likely after a couple of logins, the old password will no longer work, only the new one.
How can we understand when the OP does not tell us what they did to put the system into this state? ...Again, if they didn't, who did?
GarryRicketson
 
Posts: 3983
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: The problem with the password (security)

Postby x-myrza » 2017-04-14 03:40

rovernut wrote:I suspect he means he set his password to QUERTY123! but can also log on with QUERTY123

Yes it is

rovernut wrote:Personally I've never seen that, but also never tried to do it.

I happened to notice it when I entered the password and forgot the last character. So I got into the system. Then I rechecked the situation and it works.

GarryRicketson wrote:Why is it set up that way ?
I do not think it is something that could occur by accident... maybe the OP should ask their system administrator, or server admin, how and why it has been set up this way.
***
How can we understand when the OP does not tell us what they did to put the system into this state? ...Again, if they didn't, who did?

I happened to notice it. This is a new system. The account and password were set when the system was installed. Since then I have not manipulated the account and have never changed the password. When I entered the password, I forgot the last character. So I got into the system. Then I rechecked the situation and it works.
x-myrza
 
Posts: 7
Joined: 2017-04-13 07:36

Re: The problem with the password (security)

Postby stevepusser » 2017-04-14 04:14

What is this server? Is it running Debian?

I can think of a situation where somehow "!" would be an invalid password character, so all the system is getting is the shorter version every time, but really have no idea how this could come about.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: AzPainter 2.0.6, Pale Moon 27.3.0, Liquorix kernel 4.11-9, mpv 0.25.0, Kodi 17.3, Ksnip 1.3.1, Mesa 13.0.6
stevepusser
 
Posts: 8345
Joined: 2009-10-06 05:53

Re: The problem with the password (security)

Postby x-myrza » 2017-04-14 05:55

stevepusser wrote:What is this server? Is it running Debian?

I can think of a situation where somehow "!" would be an invalid password character, so all the system is getting is the shorter version every time, but really have no idea how this could come about.

Linux alex 4.9.0-2-amd64 #1 SMP Debian 4.9.18-1 (2017-03-30) x86_64 GNU/Linux
Distributor ID: Debian
Description: Debian GNU/Linux 9.0 (stretch)
Release: 9.0
Codename: stretch
x-myrza
 
Posts: 7
Joined: 2017-04-13 07:36

Re: The problem with the password (security)

Postby Cefiar » 2017-04-14 06:33

How are you logging into the system?
eg: Text or graphical.

Does the same thing happen with other tools (from a terminal) that require the user's password?
eg: `su - $user`, 'sudo', etc.
Cefiar
 
Posts: 18
Joined: 2017-03-25 22:50

Re: The problem with the password (security)

Postby debiman » 2017-04-14 06:57

i just tried
Code:
sudo passwd debiman
and entered a password with an ! at the end, and I cannot reproduce op's behavior:
i cannot login (Login incorrect) when i leave out the '!'.
just like i said, these are 2 different passwords.

since op continually refers to "the server" - maybe they're not talking about a normal linux user password, but something else.

but even so, this behaviour seems extremely unlikely and i strongly suspect that the PEBKAC.
debiman
 
Posts: 1017
Joined: 2013-03-12 07:18

Re: The problem with the password (security)

Postby x-myrza » 2017-04-14 07:02

Cefiar wrote:How are you logging into the system?
eg: Text or graphical.

Text in putty
Cefiar wrote:Does the same thing happen with other tools (from a terminal) that require the user's password?
eg: `su - $user`, 'sudo', etc.

No root
x-myrza
 
Posts: 7
Joined: 2017-04-13 07:36

Re: The problem with the password (security)

Postby x-myrza » 2017-04-14 07:42

Understood! :P
Domain controller Windows login: x-myrza(password: qwerty123)
Debian login: x-myrza(password:qwerty123!)
Debian has Kerberos installed for AD authentication. Because of the same login. But other AD users do not enter. :lol: I apologize for the disturbance. :)
x-myrza
 
Posts: 7
Joined: 2017-04-13 07:36

Re: The problem with the password (security)

Postby Cefiar » 2017-04-14 07:57

This was written before the user replied mentioning that they're using an AD, and are using AD auth. Of course the issue here is that AD auth is tried first, and if that fails, it uses local auth, which apparently have similar but different passwords.

Below is the original reply as it might prove useful to someone.

Original reply:

Try running the following command as root:

# grep ^root: /etc/shadow | cut -d: -f2 | cut -d$ -f2

This should return a single digit number, which says what encryption/hash method your root password is stored in.

Here's a quick list of which method was used (not an exhaustive list):
1 MD5
2 Blowfish
2a eksBlowfish
5 SHA-256
6 SHA-512

Really, if it doesn't return 6, then I suspect that there's a configuration issue somewhere. I would suggest changing the password using `passwd root` and re-run the command to see if it's still a problem.

If it returns the whole line (ie: no $ was found), or returns an error about the file not being found, then you've got other issues, such as the system not using /etc/shadow for passwords. If you're using some method of external authentication (eg: ldap) then you need to look at why that has these problems. To be honest though, using anything external for root seems pretty weird to me, as then you can't get in if the auth method is down.
Cefiar
 
Posts: 18
Joined: 2017-03-25 22:50
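
As an added example (not part of any post in this thread): a shell audit that applies the hash-id check above to every shadow entry, including the "no $ was found" case, and lists accounts that keep a usable local hash while the same login name also exists in the directory, which is the state that let two passwords work here. The function names, the directory name list and all sample data are hypothetical and constructed.

```shell
#!/bin/sh
# Added example. Classify the password field of one shadow(5) line.
# Prints "<state> <scheme>"; state is usable, disabled or nopassword.
shadow_scheme() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    state=usable
    case $field in
        '')            echo "nopassword none"; return ;;
        '*'|'!'|'!!')  echo "disabled none"; return ;;
        '!'*)          state=disabled; field=${field#?} ;;  # locked: '!' precedes the hash
    esac
    case $field in
        '$1$'*)  scheme=MD5 ;;
        '$2$'*)  scheme=Blowfish ;;
        '$2a$'*) scheme=eksBlowfish ;;
        '$5$'*)  scheme=SHA-256 ;;
        '$6$'*)  scheme=SHA-512 ;;
        '$'*)    scheme=other ;;
        *)       scheme=no-dollar-prefix ;;  # the "no $ was found" case
    esac
    echo "$state $scheme"
}

# Print names with a usable local hash in shadow-format file $1 that also
# appear in $2 (directory account names, one per line; hypothetical export).
dual_password_accounts() {
    while IFS= read -r line; do
        name=${line%%:*}
        case $(shadow_scheme "$line") in
            usable*) if grep -qxF -- "$name" "$2"; then echo "$name"; fi ;;
        esac
    done < "$1"
}

# Constructed sample data, not taken from the thread.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:17269:0:99999:7:::
x-myrza:$6$constructedsalt$constructedhash:17269:0:99999:7:::
backup:*:17269:0:99999:7:::
olduser:!$1$constructed$constructedhash:17000:0:99999:7:::
EOF
    printf '%s\n' x-myrza alice > "$tmp/ad_users"
    dual_password_accounts "$tmp/shadow" "$tmp/ad_users"
    rm -rf "$tmp"
}
demo
```

Every name it prints can log in with either the directory password or the local one; locking the local password (`passwd -l`) or removing the duplicate local account leaves a single valid credential.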

Re: The problem with the password (security)

Postby debiman » 2017-04-15 04:01

AD = active directory? some microsoft thing?
no experience with that, sorry.

but when I saw "putty" I thought, that's where I'd put my efforts.
no experience with putty either, unfortunately, but I've seen reports that certain character sequences do not work as expected when translated through putty to a linux server.

but a simple exclamation mark?
no, only microsoft is capable of something like that.
debiman
 
Posts: 1017
Joined: 2013-03-12 07:18
