HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Secure OS Software for Linux
- >
- Paranoid security, bypass resetting password expir...
Secure OS Software for Linux
1828406
Members
3336
Online
109977
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2003 07:34 AM
09-03-2003 07:34 AM
Paranoid security, bypass resetting password expiry
Hello again,
"msec", I assume, is again giving me grief.
We are running Mandrake 9 with paranoid security (level 5).
The passwprd expiry period gets reset to default (30 days) even after I have extended it for selected users.
This is really annoying as some users may not log on for extended periods and therefore never get the warning and become unable to log on (me included).
Does anyone know how to overide this feature?
Thanks
"msec", I assume, is again giving me grief.
We are running Mandrake 9 with paranoid security (level 5).
The passwprd expiry period gets reset to default (30 days) even after I have extended it for selected users.
This is really annoying as some users may not log on for extended periods and therefore never get the warning and become unable to log on (me included).
Does anyone know how to overide this feature?
Thanks
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2003 07:41 AM
09-03-2003 07:41 AM
Re: Paranoid security, bypass resetting password expiry
The real answer is to get rid of paranoid security and become active in setting security yourself. Its harder, but the process will improve your skills and allow you to avoid circumstances like this.
You might find using Bastille gives you better control.
With regards to this issue, it may take another password cycle for your change to kick in.
If the password life cycle is 30 days and you extend it, it probably requires a passwd command against that user.
The GUI interface that comes with Mandrake should do that for you.
In the end, there is a price for security, you have to balance that against your sanity.
SEP
You might find using Bastille gives you better control.
With regards to this issue, it may take another password cycle for your change to kick in.
If the password life cycle is 30 days and you extend it, it probably requires a passwd command against that user.
The GUI interface that comes with Mandrake should do that for you.
In the end, there is a price for security, you have to balance that against your sanity.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2003 08:49 AM
09-03-2003 08:49 AM
Re: Paranoid security, bypass resetting password expiry
Thanks Steve
I'm told we are using this security scheme for this application due to the sensitivity of the information and to use a mixture of security setups so that if one is breached, the others will remain unknown...
Anyway, I found a reference to "no_password_aging_for(name)" in the msec directories. This tells me there is a bypass process and that it's probly driven by a control file.
I'm looking for which one, and the format of the control entry. The source is there but I don't know how to interpret Python code.
Take care.
I'm told we are using this security scheme for this application due to the sensitivity of the information and to use a mixture of security setups so that if one is breached, the others will remain unknown...
Anyway, I found a reference to "no_password_aging_for(name)" in the msec directories. This tells me there is a bypass process and that it's probly driven by a control file.
I'm looking for which one, and the format of the control entry. The source is there but I don't know how to interpret Python code.
Take care.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 12:53 AM
09-04-2003 12:53 AM
Re: Paranoid security, bypass resetting password expiry
Hello
I dont use msec, I did a search from google and ended up in mandrake, there I found the following
I am passing it on perhaps, this could proof usefull !?
http://www.google.com/search?hl=en&lr=lang_en&ie=ISO-8859-1&oe=ISO-8859-1&q=no_password_aging_for&btnG=Google+Search&lr=lang_en
Jean-Pierre
I dont use msec, I did a search from google and ended up in mandrake, there I found the following
I am passing it on perhaps, this could proof usefull !?
http://www.google.com/search?hl=en&lr=lang_en&ie=ISO-8859-1&oe=ISO-8859-1&q=no_password_aging_for&btnG=Google+Search&lr=lang_en
Jean-Pierre
Smile I will feel the difference
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 04:47 AM
09-04-2003 04:47 AM
Re: Paranoid security, bypass resetting password expiry
Hi me , again ! ... I had a bite of time to read the links ....I mention here above !
In one of them I found
<<<<<<<<<<<<<<<<< cut from link" >>>>>>>>>>>>>>>
no_password_aging_for('toto') in level.local ineffective
* From: [bret]
* Subject: [Cooker] [Bug 1629] [msec] msec no_password_aging_for('toto') in level.local ineffective
* Date: Mon, 28 Jul 2003 07:06:33 -0700
http://qa.mandrakesoft.com/show_bug.cgi?id=1629
------- Additional Comments From [EMAIL PROTECTED] 2003-28-07 17:37 -------
One thing to keep in mind with password aging is if you disabled the password
aging after you set up the user, the shadow file will still have the setting
in it.
To disable the aging after you setup your level.local run this command:
"chage -M 99999 'username'".
That should fix your aging and it will not be re-enabled again by msec.
Now I have now idea if msec should do this if you add the entries above to
your level.local or not.
Bret.
<<<<<<<<<<<<<<<<<< end_of_cut >>>>>>>>>>>>>>>>
I had a look at this tool ... not bad, But I am more inclined to checking/reading lock and using standart iptables, bastille, find it is the best way for me to know what's going on , Having said' this I am lucky to be able to decide this myself.
Hope this will help you with this problem.
Jean-Pierre or J-P (shorter version).
In one of them I found
<<<<<<<<<<<<<<<<< cut from link" >>>>>>>>>>>>>>>
no_password_aging_for('toto') in level.local ineffective
* From: [bret]
* Subject: [Cooker] [Bug 1629] [msec] msec no_password_aging_for('toto') in level.local ineffective
* Date: Mon, 28 Jul 2003 07:06:33 -0700
http://qa.mandrakesoft.com/show_bug.cgi?id=1629
------- Additional Comments From [EMAIL PROTECTED] 2003-28-07 17:37 -------
One thing to keep in mind with password aging is if you disabled the password
aging after you set up the user, the shadow file will still have the setting
in it.
To disable the aging after you setup your level.local run this command:
"chage -M 99999 'username'".
That should fix your aging and it will not be re-enabled again by msec.
Now I have now idea if msec should do this if you add the entries above to
your level.local or not.
Bret.
<<<<<<<<<<<<<<<<<< end_of_cut >>>>>>>>>>>>>>>>
I had a look at this tool ... not bad, But I am more inclined to checking/reading lock and using standart iptables, bastille, find it is the best way for me to know what's going on , Having said' this I am lucky to be able to decide this myself.
Hope this will help you with this problem.
Jean-Pierre or J-P (shorter version).
Smile I will feel the difference
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP