User guide
Password Security
• Slurpie — Slurpie is similar to John The Ripper and Crack, but it is designed to run on
multiple computers simultaneously, creating a distributed password cracking attack. It can be
found along with a number of other distributed attack security evaluation tools online at
http://www.ussrback.com/distributed.htm.
Warning
Always get authorization in writing before attempting to crack passwords within an organization.
2.1.3.2.2. Passphrases
Passphrases and passwords are the cornerstone of security in most of today's systems. Unfortunately,
techniques such as biometrics and two-factor authentication have not yet become mainstream in many
systems. If passwords are going to be used to secure a system, then the use of passphrases should
be considered. Passphrases are longer than passwords and provide better protection than a password,
even one that includes non-standard characters such as numbers and symbols.
2.1.3.2.3. Password Aging
Password aging is another technique used by system administrators to defend against bad passwords
within an organization. Password aging means that after a specified period (usually 90 days), the user
is prompted to create a new password. The theory behind this is that if a user is forced to change his
password periodically, a cracked password is only useful to an intruder for a limited amount of time.
The downside to password aging, however, is that users are more likely to write their passwords down.
There are two primary programs used to specify password aging under Red Hat Enterprise Linux: the
chage command or the graphical User Manager (system-config-users) application.
The -M option of the chage command specifies the maximum number of days the password is valid.
For example, to set a user's password to expire in 90 days, use the following command:
chage -M 90 <username>
In the above command, replace <username> with the name of the user. To disable password
expiration, it is traditional to use a value of 99999 after the -M option (this equates to a little over 273
years).
You can also use the chage command in interactive mode to modify multiple password aging and
account details. Use the following command to enter interactive mode:
chage <username>
The following is a sample interactive session using this command:
[root@myServer ~]# chage davido
Changing the aging information for davido
Enter the new value, or press ENTER for the default
Minimum Password Age [0]: 10
Maximum Password Age [99999]: 90
Last Password Change (YYYY-MM-DD) [2006-08-18]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
[root@myServer ~]#
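The aging values that chage sets are stored per account in /etc/shadow, so a 90-day policy can be checked across all accounts at once. The following script is an added example, not part of the original guide: it flags accounts whose maximum age is unset, 99999, or above the limit, and prints the matching chage -M command without running it. The function names and the sample entries are constructed for illustration; the field layout is the standard shadow(5) format.

```shell
#!/bin/sh
# Audit shadow(5)-format data against a maximum password age policy.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample entries (not real accounts or hashes).
sample_shadow() {
cat <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
davido:$6$constructed$hash:19700:10:90:7:::
alice:$6$constructed$hash:19650:0:180:7:::
bob:$6$constructed$hash:19700:0::7:::
daemon:*:18000:0:99999:7:::
carol:!$6$constructed$hash:19000:0:99999:7:::
EOF
}

# audit_aging MAX_DAYS  (reads shadow-format lines on stdin)
# Prints "user<TAB>finding" for each account whose maximum age is unset,
# 99999 (expiration disabled) or greater than MAX_DAYS.
audit_aging() {
    awk -F: -v limit="$1" '
        $2 ~ /^[!*]/       { next }  # locked or password login disabled
        $5 == ""           { print $1 "\tno maximum age set"; next }
        $5 + 0 >= 99999    { print $1 "\texpiration disabled (" $5 ")"; next }
        $5 + 0 > limit + 0 { print $1 "\tmaximum age " $5 " exceeds " limit }
    '
}

# remediation MAX_DAYS  (reads shadow-format lines on stdin)
# Prints, without running it, the chage command for each finding.
remediation() {
    audit_aging "$1" | cut -f1 | while read -r user; do
        printf 'chage -M %s %s\n' "$1" "$user"
    done
}

sample_shadow | audit_aging 90
sample_shadow | remediation 90
```

On a live system, run it as root against the real file: audit_aging 90 < /etc/shadow.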