LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-23-2005, 03:31 AM   #1
sxcheng
LQ Newbie
 
Registered: Sep 2003
Posts: 1

Rep: Reputation: 0
How to force user to enter username and password


Hi
I am a linux newb, recently I have setup a mail server using RH9.0/sendmail and openwebmail 2.50 for user access email outside office

now everything working fine. when user access openwebmail, it prompt for username and password, but some user set the IE to remember password so they don't need to keyin password everytime

now my boss want me to do something on the server side (not the client side), even the user saved password on IE, the openwebmail will still prompt to enter username and password.

I don't know where to start? is it something I need to change on the apache or the openwebmail ?

I am appreciate if someone can give me some advise.

thanks
 
Old 02-23-2005, 05:46 AM   #2
scott_R
Member
 
Registered: Jul 2003
Location: Brighton, Michigan, USA
Distribution: Lots of distros in the past, now Linux Mint
Posts: 746

Rep: Reputation: 31
It's fairly easy, you'll simply need to disable the acceptance of cookies that were set up originally to make things easier for users. This is easy enough, you simply disable their acceptance on your server, or alternatively, set up a "blank" cookie, that errors out any existing cookies, and causes the browser to pop up another password box. Naturally, if you zap the cookie code in your website pages, the cookies are nothing but wasted space on the users drives.

With FireFox/Mozilla/Opera, and real browser (everything but old crusty IE), you may have to fight forms as well. This is easy enough, you simply use a randomizer in the address (php is beautiful for this), in other words, instead of http://my.com/, you would use http://my.com/?randomnumbersandlette...esitewasraised

Basically, there are a lot of ways to do this, most of which is pretty basic programming knowledge/website scripting, but it's not something your average MS admin/network guy is going to be able to properly address, because most of those folks barely do the minimum to keep their jobs. Using IE, after most companies, security organizations, governments, etc., have migrated to more secure browsers, just shows how far your firm still has to go simply to catch up to minimally acceptable security standards, so worrying about cookies and logins from internal users is kind of missing the point.

Sorry, but cookies don't mean much when viruses, spyware, adware, keyloggers, and a multitude of other problems are the more relevant threat.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to force a user to change their NIS password at logon? synthol6 AIX 1 08-17-2010 08:47 PM
How do i re-install or delete a user without knowing the username or password? burnoutKyle Red Hat 4 03-12-2004 02:21 PM
Cant enter password lex0429 Mandriva 1 09-26-2003 10:33 AM
I canīt enter the password!! Andres_age Linux - General 3 11-11-2002 01:33 PM
Required to enter username and password too many times rdaves@earthlink.net LQ Suggestions & Feedback 2 06-17-2001 09:38 PM


All times are GMT -5. The time now is 03:48 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration