LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-04-2011, 10:54 PM   #1
anirvan
LQ Newbie
 
Registered: Jun 2011
Location: India
Distribution: CentOS
Posts: 7

Rep: Reputation: Disabled
password security


By default in Linux system user enter his login password for login. Can we set dual password protection in place of single password (either some script or modifying some conf files or some other methods)???
 
Old 06-04-2011, 11:28 PM   #2
schachwizard
Member
 
Registered: Sep 2010
Location: Philly
Distribution: OpenSuse
Posts: 67

Rep: Reputation: 3
Could you explain what you mean by dual password? As in, the user first enters one password, then, if that one's correct, a second password must be entered?
 
Old 06-06-2011, 01:00 PM   #3
anirvan
LQ Newbie
 
Registered: Jun 2011
Location: India
Distribution: CentOS
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by schachwizard View Post
Could you explain what you mean by dual password? As in, the user first enters one password, then, if that one's correct, a second password must be entered?
Thanks for your replay,
Yes, I just want to set one more password for authentication, can PAM do this job for me? If the answer is yes please tell me which configuration file to edit and how…
 
Old 06-06-2011, 03:17 PM   #4
honeybadger
Member
 
Registered: Aug 2007
Location: India
Distribution: Slackware (mainly) and then a lot of others...
Posts: 855

Rep: Reputation: Disabled
Looking at /etc/passwd or /etc/shadow I do not think you can have dual passwords perse.
Of course there are work arounds. You can encrypt the directories that you do not want the user to access. Alternately, you can login as a root and write the files and the user would not be able to access them if the permissions are set up right.
Hope this helps.
 
Old 06-07-2011, 02:16 AM   #5
anirvan
LQ Newbie
 
Registered: Jun 2011
Location: India
Distribution: CentOS
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by SilverBack View Post
Looking at /etc/passwd or /etc/shadow I do not think you can have dual passwords perse.
Of course there are work arounds. You can encrypt the directories that you do not want the user to access. Alternately, you can login as a root and write the files and the user would not be able to access them if the permissions are set up right.
Hope this helps.
I know how to encrypt/decrypt a file but don't know how to encrypt/decrypt a directory....kindly guide me.
 
Old 06-07-2011, 09:57 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,607
Blog Entries: 4

Rep: Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998
PAM is used for all authentication tasks, including login. Indeed, PAM exists so that you can alter or enhance the login (or any other) authentication process without otherwise changing any of the underlying code.

Generally speaking, "if one password isn't good enough, two passwords or n passwords won't be any better." (It simply increases the probability that the passwords will be written on a little note that's taped underneath the keyboard. )

Consider... authentication tokens (smart cards, etc.), thumbprint recognizers, or, in the case of ssh access, replacing the password authentication option with the use of RSA digital certificates which are password-encrypted.

ssh-agent is another very powerful tool to use in association with ssh. It can store passwords in a secure store and supply them on-demand to any ssh-enabled app which needs to use them, e.g. to unlock digital certificates. This is why I can log on to a distant system using a certificate with a passphrase of "Q%]`Upv@gz" and I never actually have to type that. Should the computer holding the certificate be compromised, the owners of the distant system invalidate that certificate so that it becomes utterly useless even if the thief manages to unlock it. (And there is a time-lock, too: I can't log on at 3 AM.)
 
Old 06-09-2011, 05:45 AM   #7
honeybadger
Member
 
Registered: Aug 2007
Location: India
Distribution: Slackware (mainly) and then a lot of others...
Posts: 855

Rep: Reputation: Disabled
I use an app called 'ccrypt' - it has a cli. There could be several others with gui I do not know about.
As far as encrypting/decrypting with ccrypt is concerned we have the -r flag that would encrypt all the files in the directory as well as the directory itself. Then there is always the tar/zip option - you can tar/zip the folder and then encrypt it.
Hope this helps.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
password security JUbuntu Linux - Security 2 03-20-2008 04:57 AM
Password Security Poll lefty.crupps General 14 10-07-2006 01:30 PM
unix password security securitycheck Other *NIX 2 10-07-2004 01:07 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration