I like that you're too polite to suggest that someone who wants to list password information for a user might accidentally type "sudo passwd -l" instead of "sudo chage -l" and lock the account of the user without realizing it. As someone who would of course never make that kind of mistake I'm glad you included it in the video. 😉
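The mix-up above (`passwd -l` locks, `chage -l` lists) is easy to audit after the fact, because both commands only touch different columns of `/etc/shadow`. The script below is an added example, not code from the video or from any commenter: it works on constructed shadow-format records held in a variable (placeholder hashes, made-up users), so it runs without root and without touching the real file. Day numbers are days since 1970-01-01 as in the real file; 18901 is 2021-10-01, the date used in the video. The comparisons follow pam_unix's `check_shadow_expiry()` (account expiry is `today >= expire`, password age is `age > max`); check your distribution's man pages if you rely on the exact boundary.

```shell
#!/bin/sh
# Added example, not from the video or its comments. Reads /etc/shadow-format
# records from a variable instead of the real file.
# passwd -l / usermod -L prefix column 2 (the hash) with "!" and passwd -u
# removes it again; chage -l only reads the aging fields in columns 3-8.

# Constructed sample records (hashes are placeholders, not real hashes):
#   name:hash:lastchange:min:max:warn:inactive:expire:reserved
# 18871 = 2021-09-01, 18901 = 2021-10-01 (days since 1970-01-01).
SAMPLE_SHADOW='neo:$6$salt$PLACEHOLDERHASH:18871:0:90:7::18901:
trinity:!$6$salt$PLACEHOLDERHASH:18871:0:90:7::18901:
oracle:$6$salt$PLACEHOLDERHASH:18871:0:90:7:14::
morpheus:*:18871:0:99999:7:::
smith:!!:18871:0:99999:7:::'

# field NAME N -> print column N of NAME's record (empty if absent)
field() {
    printf '%s\n' "$SAMPLE_SHADOW" | awk -F: -v u="$1" -v n="$2" '$1 == u { print $n }'
}

# lock_status NAME -> locked | nopasswd | usable
# Same classification shadow-utils' passwd -S prints: a hash field starting
# with "!" or "*" is locked, an empty field means no password at all.
# "!" followed by a real hash (trinity) is what passwd -l writes and passwd -u
# reverses; "*" and "!!" (morpheus, smith) never had a usable password.
lock_status() {
    case "$(field "$1" 2)" in
        '')        echo nopasswd ;;
        '!'*|'*'*) echo locked ;;
        *)         echo usable ;;
    esac
}

# account_state NAME TODAY -> expired | mustchange | inactive | active
# TODAY is a day number. Order and comparisons follow pam_unix's
# check_shadow_expiry(): the account expiry date is checked first and with
# ">=", so expire=18901 blocks logins from 2021-10-01 itself.
account_state() {
    lastchg=$(field "$1" 3); max=$(field "$1" 5)
    inact=$(field "$1" 7);   expire=$(field "$1" 8)
    today=$2
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo expired; return
    fi
    if [ "${lastchg:-0}" -eq 0 ]; then
        echo mustchange; return        # lastchange=0 forces a change at next login
    fi
    if [ -n "$max" ]; then
        age=$((today - lastchg))
        if [ -n "$inact" ] && [ "$age" -gt $((max + inact)) ]; then
            echo inactive; return      # password expired and grace period used up
        fi
        if [ "$age" -gt "$max" ]; then
            echo mustchange; return    # past max days: must change at next login
        fi
    fi
    echo active
}

# Report for each sample account on the day before and the day of the
# expiry date used in the video (2021-10-01 = day 18901).
for u in neo trinity oracle morpheus smith; do
    printf '%-9s lock=%-8s sep30=%-10s oct1=%s\n' "$u" "$(lock_status "$u")" \
        "$(account_state "$u" 18900)" "$(account_state "$u" 18901)"
done
```

Running it shows `trinity` as locked although her aging fields are identical to `neo`'s, which is exactly the symptom of a stray `passwd -l`; `passwd -S trinity` on a real system would show the same thing. The `oracle` record demonstrates the other two states: 90 days after the last change the password is merely due (`mustchange`), and once the 14 inactive days are also used up the account becomes unusable (`inactive`).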
Buddy, you're the most useful Linux channel on UA-cam. Thanks a lot to you for everything you do. 😊
You're the most useful Linux channel on UA-cam. Thank you for everything you do.
Jay, as a SysAdmin for 30+ years I've found some users would keep locking out their account and calling 1st line support (avoiding me) just so they could weasel their way back into setting their 10-year-old "Super strong" password back using tears, threats, chocolate bars, favours etc. I would routinely run John the Ripper against the passwords to check for weak ones myself.
And send the password back to them in a clear text email, saying "If you change your password back to 'MySuperStrongPassword' one more time, I'll delete all your files." 😁
Setting expiration date for Neo, Trinity and Morpheus? Now we finally know who is behind Matrix, Jay...or rather Mr. Smith?!
Do a video about LDAP and about a Linux network environment, like accessing shared folders.
This video is really useful to me, thank you Jay.
Super useful; I didn't know passwd can do things other than change passwords, cool Jay.
Can we dwell more on shadow files please? Override set password & things like that, idk.
Thanks Jay once again.
That might be something to go over later in the series, thank you for the suggestion.
Very well presented, thank you.
2021-10-01: Jay said after October 1st, is it not on after midnight at the end of September?
Great work, thank you.
Thanks for these videos!!!!!
Could be extended with other useful operations like setting password complexity or preventing users from reusing old passwords etc.
Password expiration is horrible. It is the single greatest threat to a network. Tim didn't reset his password, so he calls in to get it reset; it's so common that verification standards have to be lowered. Tim gets his password reset but...... it's a trick, Tim is really some guy in Nigeria who now has access to your network.
Locking out an account after too many password attempts is also a great way to get your network compromised. Time outs are fine, but it's better to just reduce access or to contact HR when there are too many password attempts. Let HR contact the employee and/or supervisor to resolve the issue.
Any chance for a video on how login.conf ; passwd.auth ; system.auth ; pwquality all fit together?
Thank you so much
Informative
AWESOME
Useful, learned something.
The security community has, because of bad experiences, come to the conclusion that both time-based password expiry and minimum password lifetimes are counterproductive™.
Both result in users having insecure passwords. Just keep the hashes (salted and peppered, of course) of ALL previous passwords.
Please upload to Odysee!
Odysee is not something I'm targeting at this time, but you never know; keep an eye on the website to see if there are any changes.
Needing password expirations on Linux? That's a world I don't live in.
RHEL has added places where one can harden passwords...
login.conf; system.auth; passwd.auth; pwquality.conf
Why so many? Are they all needed? Can one point to pwquality inside passwd.auth and only use that? Doesn't pwquality make the others redundant?