LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-28-2011, 11:50 AM   #16
Niartov
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Rep: Reputation: 0

Why would this be a good idea? After the person is gone the passwords should be changed. From a security perspective continuing to distribute a password around that you don't know what it is. Even with people I have trusted removing access is a priority when someone leaves.
 
Old 04-28-2011, 11:54 AM   #17
Glacoras
LQ Newbie
 
Registered: Apr 2011
Posts: 3

Rep: Reputation: 0
I might be in the wrong ballpark, but couldn't you use a CD like OpCrack to obtain the password? All you would really need is a server you could reset without disrupting anyone's work.
 
Old 04-28-2011, 01:32 PM   #18
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,695

Original Poster
Rep: Reputation: 48
to try to catch up on some posts

1) all linux servers
2) password was changed in between the old admin leaving and me arriving, just nobody remembers it
 
Old 04-28-2011, 02:56 PM   #19
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by rjo98
password was changed in between the old admin leaving and me arriving, just nobody remembers it
rjo98, I gotta say, pal: if you weren't a long-term member with 800+ posts, I'd be reporting this for soliciting cracking advice...

Here's the thing - you are concerned that if you change the password, things will start breaking. Simple steps to finding where that password is hardcoded:
  • Change the password on one server
  • See which application breaks
  • Carefully review the borked application (wrappers, source code, configs, etc.), and find where the password is hardcoded

Voila. You've got your password.
 
Old 04-28-2011, 03:00 PM   #20
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,695

Original Poster
Rep: Reputation: 48
hahaha, thanks anomie. I mean, i could just create a new account and setup the processes I know going forward with that, which i'm not horribly opposed to. At this point I think this post is more academic in helping me learn than anything, never really had to think about this before.

I'll probably just go with the create new account method I'm thinking. Things here are setup in the most non-ideal way its a pain to even figure out what's going on, i'm working on cleaning it up slowly but surely.
 
Old 04-28-2011, 03:12 PM   #21
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
To explore the 'strictly research' angle further, then: I really do recommend that you set up a box and practice with John the Ripper. Install it, learn about it, run it against hashes, tweak it, run it against more hashes.

As a sysadmin, it is good to have an understanding about how common password cracking approaches work. The utility can additionally be used to audit for weak passwords - particularly if your predecessors have a history of not enforcing strong ones.

-------

I'd add: I took a weekend to familiarize myself with John the Ripper, and it was time very well spent. I propped up a (free) Amazon EC2 instance, and let it bang away at various passwords that I pre-selected. Based on the results, I modified the algorithm John followed a bit, and fine-tuned it to a happy place.

You will realize very quickly that simple passwords can be cracked in seconds in most cases. You'll also see that sufficiently strong passwords will take many months or many years unless you have the computing capacity of a large corporation or gov't.

Last edited by anomie; 04-28-2011 at 03:15 PM. Reason: anecdote.
 
1 members found this post helpful.
Old 04-28-2011, 03:15 PM   #22
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,695

Original Poster
Rep: Reputation: 48
cool, thanks anomie
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
recovering root password rkd7474 Linux - Newbie 8 02-09-2011 02:25 AM
Recovering password from cinternet kaesekrainer Linux - General 2 08-04-2007 02:31 AM
recovering root password isaacvimal Red Hat 3 04-02-2005 08:47 AM
Recovering Linux Password. chamalsl Linux - Security 6 02-14-2005 11:16 AM
Recovering XP Password using Knoppix doctor_damien Linux - Newbie 6 05-03-2004 03:09 AM


All times are GMT -5. The time now is 03:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration