The problem with the password (security)
The problem with the password. For example, say I have a password with different characters and at the end one more character. For example, "QWERTY123!". I go to the server with two passwords: 1. "QWERTY123!" And 2. "QWERTY123". How can this be understood?
OS Debian 8 x64
Re: The problem with the password (security)
i don't understand the question.
these are 2 different passwords, full stop.
also, you have chosen an extremely insecure password. i hope this is just an example.
Re: The problem with the password (security)
Sorry for my bad english... Yes this is the password example. I enter the server with two passwords "QWERTY123!" & "QWERTY123"
Re: The problem with the password (security)
"I enter the server" doesn't really tell me anything.
please provide much more information.
click on this link: http://catb.org/~esr/faqs/smart-questions.html
and read.
afaik, one user has one password.
what you are showing me are 2 different passwords.
Re: The problem with the password (security)
I suspect he means he set his password to QUERTY123! but can also log on with QUERTY123
Personally I've never seen that, but also never tried to do it.
Tom Rowe
Four wheel drive allows you to get stuck
in places even more inaccessible.
- GarryRicketson
Re: The problem with the password (security)
The OP is not telling us enough, but my guess is something like this is going on.
Is it possible 2 different passwords could work for 1 user on linux
https://unix.stackexchange.com/question ... -passwords
I found the above because I did not think this is possible, but it is: https://tools.ietf.org/html/rfc4519#section-2.41
RFC 4519 LDAP: Schema for User Applications June 2006
More: An example of a need for multiple values in the 'userPassword' attribute is an environment where every month the user is expected to use a different password generated by some automated system. During transitional periods, like the last and first day of the periods, it may be necessary to allow two passwords for the two consecutive periods to be valid in the system.
On the Linux side, nothing forbids to do it (here an account named testuser was given both pass1 and pass2 as userPassword attribute values):
$ uname -a
Linux lx-vb 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:16:28 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ grep VERSION /etc/os-release
VERSION="13.04, Raring Ringtail"
$ grep "^passwd" /etc/nsswitch.conf
passwd: files ldap
$ ldapsearch -LLL -h localhost -p 1389 -D "cn=directory manager" -w xxxxxxxx "uid=testuser" userPassword
dn: uid=testuser,ou=People,dc=example,dc=com
userPassword:: e1NTSEF9b2JWYXFDcjhNQmNJVXZXVHMzbE40SFlReStldC9XNFZ0NU4yRmc9PQ==
userPassword:: e1NTSEF9eDlnRGZ5b0NhKzNROTIzOTFha1NiR2VTMFJabjNKSWYyNkN3cUE9PQ==
$ grep testuser /etc/passwd
$ getent passwd testuser
testuser:*:12345:12345:ldap test user:/home/testuser:/bin/sh
$ sshpass -p pass1 ssh testuser@localhost id
uid=12345(testuser) gid=12345 groups=12345
$ sshpass -p pass2 ssh testuser@localhost id
uid=12345(testuser) gid=12345 groups=12345
$ sshpass -p pass3 ssh testuser@localhost id
Permission denied, please try again.
x-myrza wrote: Sorry for my bad english... Yes this is the password example. I enter the server with two passwords "QWERTY123!" & "QWERTY123"
Why is it set up that way?
I do not think it is something that could occur by accident... maybe the OP should ask their system administrator, or server admin, how and why it has been set up this way.
x-myrza wrote: How can this be understood?
It didn't make sense to me, and I did not understand the question. I still don't understand the question very well, but doing a tiny bit of searching helped me understand how this is possible, how it could be accomplished, if that is what the OP is asking. Likewise it could be undone... in fact more than likely after a couple of logins, the old password will no longer work, only the new one.
How can we understand when the OP does not tell us what they did to put the system into this state? ...Again, if they didn't, who did?
Re: The problem with the password (security)
rovernut wrote: I suspect he means he set his password to QUERTY123! but can also log on with QUERTY123
Yes it is
rovernut wrote: Personally I've never seen that, but also never tried to do it.
I happened to notice it. When I enter the password and I forgot the last character. So I went into the system. Then I rechecked the situation and it works.
GarryRicketson wrote: Why is it set up that way?
I do not think it is something that could occur by accident... maybe the OP should ask their system administrator, or server admin, how and why it has been set up this way.
***
How can we understand when the OP does not tell us what they did to put the system into this state? ...Again, if they didn't, who did?
I happened to notice it. This is a new system. The account and password are set when the system is installed. Since the account did not manipulate and did not change the password ever. When I enter the password and I forgot the last character. So I went into the system. Then I rechecked the situation and it works.
- stevepusser
Re: The problem with the password (security)
What is this server? Is it running Debian?
I can think of a situation where somehow "!" would be an invalid password character, so all the system is getting is the shorter version every time, but really have no idea how this could come about.
MX Linux packager and developer
Re: The problem with the password (security)
stevepusser wrote: What is this server? Is it running Debian?
I can think of a situation where somehow "!" would be an invalid password character, so all the system is getting is the shorter version every time, but really have no idea how this could come about.
Linux alex 4.9.0-2-amd64 #1 SMP Debian 4.9.18-1 (2017-03-30) x86_64 GNU/Linux
Distributor ID: Debian
Description: Debian GNU/Linux 9.0 (stretch)
Release: 9.0
Codename: stretch
Re: The problem with the password (security)
How are you logging into the system?
eg: Text or graphical.
Does the same thing happen with other tools (from a terminal) that require the user's password?
eg: `su - $user`, 'sudo', etc.
Re: The problem with the password (security)
i just tried `sudo passwd debiman` and entered a password with an ! at the end, and I cannot reproduce op's behavior:
i cannot login (Login incorrect) when i leave out the '!'.
just like i said, these are 2 different passwords.
since op continually refers to "the server" - maybe they're not talking about a normal linux user password, but something else.
but even so, this behaviour seems extremely unlikely and i strongly suspect that the PEBKAC.
Re: The problem with the password (security)
Cefiar wrote: How are you logging into the system?
eg: Text or graphical.
Text in putty
Cefiar wrote: Does the same thing happen with other tools (from a terminal) that require the users password?
eg: `su - $user`, 'sudo', etc.
No root
Re: The problem with the password (security)
Understood!
Domain controller Windows login: x-myrza(password: qwerty123)
Debian login: x-myrza(password:qwerty123!)
Debian installed kerberos for authentication AD. Because of the same login. But other AD users do not enter. I apologize for the disturbance.
Re: The problem with the password (security)
This was written before the user replied mentioning that they're using an AD, and are using AD auth. Of course the issue here is that AD auth is tried first, and if that fails, it uses local auth, which apparently have similar but different passwords.
Below is the original reply as it might prove useful to someone.
Original reply:
Try running the following command as root:
# grep '^root:' /etc/shadow | cut -d: -f2 | cut -d'$' -f2
This should return a single digit number, which says what encryption/hash method your root password is stored in.
Here's a quick list of which method was used (not an exhaustive list):
1 MD5
2 Blowfish
2a eksBlowfish
5 SHA-256
6 SHA-512
Really, if it doesn't return 6, then I suspect that there's a configuration issue somewhere. I would suggest changing the password using `passwd root` and re-run the command to see if it's still a problem.
If it returns the whole line (ie: no $ was found), or returns an error about the file not being found, then you've got other issues, such as the system not using /etc/shadow for passwords. If you're using some method of external authentication (eg: ldap) then you need to look at why that has these problems. To be honest though, using anything external for root seems pretty weird to me, as then you can't get in if the auth method is down.
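The hash-method check from the reply above, as an added example that is not part of the original post: a small shell function that reads one shadow-format line, handles the locked (`!`) and no-`$` cases, and maps the id using the post's own list. The function name `shadow_hash_method` and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of one shadow(5)-format line.
# All sample lines are constructed; the hash strings are placeholders.

shadow_hash_method() {
    # $1 = one full line in /etc/shadow layout (name:password:...)
    field=$(printf '%s\n' "$1" | cut -d: -f2)

    # A leading '!' marks a locked password; classify what follows it.
    locked=""
    case $field in
        '!'*) locked=" (locked)"
              field=${field#!}
              field=${field#!} ;;   # some tools write '!!'
    esac

    case $field in
        ''|'*') echo "no password hash$locked"; return 0 ;;
        '$'*)   id=$(printf '%s\n' "$field" | cut -d'$' -f2) ;;
        *)      echo "no \$ prefix: not a modular crypt hash$locked"; return 0 ;;
    esac

    # Ids and names exactly as listed in the post (not exhaustive).
    case $id in
        1)  name="MD5" ;;
        2)  name="Blowfish" ;;
        2a) name="eksBlowfish" ;;
        5)  name="SHA-256" ;;
        6)  name="SHA-512" ;;
        *)  name="unknown id '$id'" ;;
    esac
    echo "$name$locked"
}

# Constructed input covering the cases the post mentions.
while IFS= read -r line; do
    printf '%-8s %s\n' "${line%%:*}" "$(shadow_hash_method "$line")"
done <<'EOF'
root:$6$constructedsalt$placeholderhash:17300:0:99999:7:::
alice:$1$constructed$placeholderhash:17300:0:99999:7:::
bob:!$6$constructedsalt$placeholderhash:17300:0:99999:7:::
daemon:*:17300:0:99999:7:::
legacy:placeholderDES:17300:0:99999:7:::
EOF
```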
Re: The problem with the password (security)
AD = active directory? some microsoft thing?
no experience with that, sorry.
but when I saw "putty" I thought, that's where I'd put my efforts.
no experience with putty either, unfortunately, but I've seen reports that certain character sequences do not work as expected when translated through putty to a linux server.
but a simple exclamation mark?
no, only microsoft is capable of something like that.
Re: The problem with the password (security)
debiman wrote: AD = active directory? some microsoft thing?
no experience with that, sorry.
Yes. A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software.
debiman wrote: but when I saw "putty" I thought, that's where I'd put my efforts.
no experience with putty either, unfortunately, but I've seen reports that certain character sequences do not work as expected when translated through putty to a linux server.
Putty is for me the most convenient client for managing ssh.
debiman wrote: but a simple exclamation mark?
no, only microsoft is capable of something like that.
Of course the issue here is that AD auth is tried first, and if that fails, it uses local auth, which apparently have similar but different passwords.
Debiman thank you very much for your help!
Re: The problem with the password (security)
x-myrza wrote: Putty is for me the most convenient client for managing ssh.
for windows maybe.