LinuxQuestions.org
Old 09-18-2009, 10:15 AM   #1
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Rep: Reputation: 15
passwd command says BAD PASSWORD


Root password of our server was root123. Last month, I changed it to planetmars321
There were a few scripts where the old password (root123) was hard coded in the script. These scripts stopped working. As there are many scripts in our LAN, it was decided to change the password to root123 again, till all the script files using this password are identified. When I try to change the password back to root123, the passwd command is giving the following error message:
BAD PASSWORD. Dictionary word (or some similar message)

It is not changing the password. How do I bypass this check and change the root password to root123 again ?
Thanks in advance
 
Old 09-18-2009, 10:19 AM   #2
compgenius999
Member
 
Registered: Aug 2009
Location: England
Distribution: Fedora 13
Posts: 73

Rep: Reputation: 15
The reason it isn't letting you change it back to root123 is because it knows it's been used before, and I think passwd is set to not allow old passwords to be used a second time.
 
Old 09-18-2009, 07:29 PM   #3
kapilbajpai88
Member
 
Registered: Jul 2008
Location: Bangalore, India
Distribution: RHEL
Posts: 235

Rep: Reputation: 41
Cool

Hi All,

Yes, I think by default, used passwords can't be used again over Linux. Also, if the password is very easily traceable, then also Linux will not allow you to set that.

Maybe, someone can suggest us where to check these default settings.....

Cheers,
Kapil
 
Old 09-18-2009, 07:38 PM   #4
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by kapilbajpai88
Hi All,

Yes, I think by default, used passwords can't be used again over Linux. Also, if the password is very easily traceable, then also Linux will not allow you to set that.

Maybe, someone can suggest us where to check these default settings.....

Cheers,
Kapil
It is not allowing me to change it to 'jupiter123'
Is there a way to allow passwords which are in dictionary ? Where are the settings/dictionary located in RHEL ?

Last edited by planetmars; 09-18-2009 at 07:43 PM.
 
Old 09-18-2009, 08:37 PM   #5
lutusp
Member
 
Registered: Sep 2009
Distribution: Fedora
Posts: 835

Rep: Reputation: 101Reputation: 101
Quote:
Originally Posted by planetmars
It is not allowing me to change it to 'jupiter123'
Is there a way to allow passwords which are in dictionary ? Where are the settings/dictionary located in RHEL ?
Try concatenating two dictionary words. They are easy for a person to remember, but difficult for a password cracker program to hit upon. AOL once used this scheme to generate user passwords (users weren't allowed to choose their own password).

The two-word approach requires a dictionary scan squared (say, 80*10^3 squared = 6.4*10^9). That's pretty daunting, but maybe this is no longer regarded as difficult enough.

I don't see why a password security routine would disallow a dictionary word followed by a string of numbers -- this would take a huge effort to crack.
 
Old 09-18-2009, 11:50 PM   #6
btncix
Member
 
Registered: Aug 2009
Location: NC, USA
Distribution: Slackware x86
Posts: 141

Rep: Reputation: 26
I don't know if it will make a difference, but try booting up in single user mode, and then try to change the password for root user.
 
Old 09-19-2009, 01:27 AM   #7
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
You're talking about scripts. Wouldn't it be an idea to run a find/grep for root123. Scripts are text-based so you should be able to find them all (unless they were stored encrypted).

e.g:
Code:
find . -name "*" -exec grep -H root123 {} \;
 
Old 09-19-2009, 02:36 AM   #8
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
I want the scripts to start running immediately, as updating the passwords in all those files will take some time. Issue is urgent, as some file backups are not happening. That is why I want to change the password to root123 immediately. Later, I will re-group all the scripts in one directory and change the passwords.
 
Old 09-19-2009, 04:31 AM   #9
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
These passwords are fairly weak. If these scripts are just trying to speak to another server, perhaps something like SSH keys might be a more secure method of allowing the scripts to talk to the server? Personally, I think setting up the scripts and servers with stronger passwords than you are using (and not using a password you just quoted on internet forums) would be more than highly recommended, to protect yourself better against things like brute force and dictionary attacks.
 
Old 09-19-2009, 04:42 AM   #10
lutusp
Member
 
Registered: Sep 2009
Distribution: Fedora
Posts: 835

Rep: Reputation: 101Reputation: 101
Quote:
Originally Posted by planetmars
I want the scripts to start running immediately, as updating the passwords in all those files will take some time. Issue is urgent, as some file backups are not happening. That is why I want to change the password to root123 immediately. Later, I will re-group all the scripts in one directory and change the passwords.
I know you have other priorities, but you need to realize that putting passwords in shell scripts is a very bad idea. It is an amazing security breach just waiting for a hacker to arrive.

Look at the read permissions of the files containing the passwords -- some of them will turn out to be universally readable, which means anyone can get system passwords by reading the files.

The fact that you now have to change a bunch of scripts to replace an old password with a new one is the least of your troubles. While I am on about this, why not create one shell script named THE_PASSWORD containing the password, so each script that needs the password can do this --

Code:
. THE_PASSWORD
-- thus acquiring a password variable defined within it. This will save you from your present problem (you only have to change one line in one file), and better, the script named THE_PASSWORD will be easier for hackers to locate.

Or, you can improve things further by eliminating passwords altogether. That's only a small step away from what you're doing now.
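
The search suggested in post #7 and the permission check suggested in post #10 can be combined into one audit pass. The script below is an added example, not part of any poster's message; the function names and the sample files it creates are made up for illustration, and it assumes the find and grep shipped with a Linux system.

```shell
#!/bin/sh
# Added example: list scripts that embed a known password and show which
# of them any local account can read.

# files_with_secret DIR STRING
# Every regular file under DIR containing STRING.
#   -F fixed string, -I skip binary files, -l print file names only
files_with_secret() {
    find "$1" -type f -exec grep -lIF -e "$2" {} + 2>/dev/null | sort
}

# world_readable_with_secret DIR STRING
# Same search, limited to files whose "other" read bit is set (-perm -004).
world_readable_with_secret() {
    find "$1" -type f -perm -004 -exec grep -lIF -e "$2" {} + 2>/dev/null | sort
}

# report DIR STRING
# One line per hit, prefixed EXPOSED (world-readable) or private.
report() {
    files_with_secret "$1" "$2" | while IFS= read -r f; do
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            printf 'EXPOSED  %s\n' "$(ls -l -- "$f")"
        else
            printf 'private  %s\n' "$(ls -l -- "$f")"
        fi
    done
}

# Constructed sample tree so the script runs anywhere (file names made up).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nPASS=root123\n' > "$d/backup.sh"
    printf '#!/bin/sh\nPASS=root123\n' > "$d/sync.sh"
    printf '#!/bin/sh\necho no secrets here\n' > "$d/clean.sh"
    chmod 755 "$d/backup.sh" "$d/clean.sh"   # readable by everyone
    chmod 700 "$d/sync.sh"                   # owner only
    echo "$d"
}

tree=$(make_sample_tree)
report "$tree" root123
rm -rf "$tree"
```

On a real system, point `report` at the directories that hold the scripts and run it as root so unreadable files are not silently skipped.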
 
  

