Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I just started a WISP - because I needed another challenge... I'm only offering email service and internet access to my customers. So, when I set up a user account, I give the account a password and then configure the user's computer (usually Windows-based OS) with that password for email access - checking the "save password" check box.
But, how can I allow my customers to change their own passwords without using Secure SSH to login to the server? Preferably, I would like to use a hotlink on a website. Is this an easy set-up on Fedora? If not, then is there a software package that I could install to do this.
So what you are saying is you are usiing FEDORA linux as a mail server, and you want your customers to be able to change their passwords using a simple webpage on a web-browser interface ?
The obviouse sokution is to first install APACHE web server, and use a CGI script to change their password.
Use a simple Form that asks for $1 Username, $2 old password, $3 new password, $4 re-type new password.
then the CGI script runs the passwd command as the username entered in $1 (with password $2) and gives the program the new password in $3 and $4.
its very simple... HOWEVER..
a HUGE word of warning... CGI scipts are famous for being easy to hack. make sure the cgi scripts run with minimal rights, and are protected from code injection exploits.
Thanks for the suggestion. But, I am no longer a programmer (I used to hobby around as one) and was hoping to find something free online that I could incorporate. Thanks for the warning, too. That has me scared enough to not even try to write the script!
then have a look at this project.... http://www.rajeevnet.com/linux/passw...sswd_sync.html
its a webpage that is diesigned for changing UNIX and Windows NIS passwords. but you can edit it to Only change the Unix (Linux) password.
it may take a little tweaking (and the website need re-designing.. its UGLY) but its easy enough.
no form of remote login is secure.
loging via telnet means sniffers can get passwords...
logging in via secure shell (ssh) is not much better.... ssh hashes passwords, but the hashed passwords can still be stolen and used to loggin just like a plain text password.
this is even worse over wireles networks... in conventional ethernet, the Hum / Gateway has to be hacked to sniff passwords... or a machine under the controll of the attacker must be attacked to the wire.... but in wireless network, anyone in range can steal passwords.