[deployment-guide: 109/185] Commands no longer use insecure DES password hashing. (BZ#681879)
Jaromir Hradilek
jhradile at fedoraproject.org
Sun May 15 21:20:17 UTC 2011
commit 1edda7e4e867d92c43766dda098631286b0880c7
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Fri Mar 4 17:37:07 2011 +0100
Commands no longer use insecure DES password hashing. (BZ#681879)
en-US/Book_Info.xml | 2 +-
en-US/Managing_Users_and_Groups.xml | 56 ++++++++--------------------------
2 files changed, 14 insertions(+), 44 deletions(-)
---
diff --git a/en-US/Book_Info.xml b/en-US/Book_Info.xml
index 6e39ae0..47ce8a6 100644
--- a/en-US/Book_Info.xml
+++ b/en-US/Book_Info.xml
@@ -7,7 +7,7 @@
<productname>Red Hat Enterprise Linux</productname>
<productnumber>6</productnumber>
<edition>1</edition>
- <pubsnumber>100</pubsnumber>
+ <pubsnumber>101</pubsnumber>
<abstract>
<para>
The <citetitle pubwork="book">Deployment Guide</citetitle> documents relevant information regarding the deployment, configuration and administration of &MAJOROSVER;. It is oriented towards system administrators with a basic understanding of the system.
diff --git a/en-US/Managing_Users_and_Groups.xml b/en-US/Managing_Users_and_Groups.xml
index 9f01e20..256a2b1 100644
--- a/en-US/Managing_Users_and_Groups.xml
+++ b/en-US/Managing_Users_and_Groups.xml
@@ -364,12 +364,12 @@
<screen><command>useradd</command> <replaceable>username</replaceable></screen>
</step>
<step>
- <indexterm significance="normal">
- <primary>user configuration</primary>
- <secondary>command line configuration</secondary>
- <tertiary><command>passwd</command></tertiary>
- </indexterm>
<para>
+ <indexterm>
+ <primary>user configuration</primary>
+ <secondary>command line configuration</secondary>
+ <tertiary><command>passwd</command></tertiary>
+ </indexterm>
Unlock the account by issuing the <command>passwd</command> command to assign a password and set password aging guidelines:
</para>
<screen><command>passwd</command> <replaceable>username</replaceable></screen>
@@ -704,50 +704,20 @@
<procedure>
<step>
<para>
- <emphasis>Set up an initial password</emphasis> — There are two common approaches to this step. The administrator can assign a default password or assign a null password.
+ <emphasis>Set up an initial password</emphasis> — There are two common approaches to this step: the administrator can assign a default password, or he can use a null password.
</para>
<para>
- To assign a default password, use the following steps:
+ To assign a default password, type the following at a shell prompt:
</para>
- <procedure>
- <step>
- <para>
- Start the command line Python interpreter with the <command>python</command> command. It displays the following:
- </para>
- <screen>Python 2.4.3 (#1, Jul 21 2006, 08:46:09)
-[GCC 4.1.1 20060718 (Application Stack 4.1.1-9)] on linux2
-Type "help", "copyright", "credits" or "license" for more information.
->>></screen>
- </step>
- <step>
- <para>
- At the prompt, type the following commands. Replace <replaceable>password</replaceable> with the password to encrypt and <replaceable>salt</replaceable> with a random combination of at least 2 of the following: any alphanumeric character, the slash (<literal>/</literal>) character, or a dot (<literal>.</literal>):
- </para>
- <screen><command>import crypt; print crypt.crypt("<replaceable>password</replaceable>","<replaceable>salt</replaceable>")</command></screen>
- <para>
- The output is the encrypted password, similar to <computeroutput>'12CsGd8FRcMSM'</computeroutput>.
- </para>
- </step>
- <step>
- <para>
- Press <keycombo><keycap>Ctrl</keycap><keycap>D</keycap></keycombo> to exit the Python interpreter.
- </para>
- </step>
- <step>
- <para>
- At the shell, enter the following command (replacing <replaceable>encrypted_password</replaceable> with the encrypted output of the Python interpreter):
- </para>
- <screen><command>usermod</command> <option>-p</option> "<replaceable>encrypted_password</replaceable>" <replaceable>username</replaceable></screen>
- </step>
- </procedure>
+ <screen><command>passwd</command> <replaceable>username</replaceable></screen>
<para>
- Alternatively, you can assign a null password instead of an initial password. To do this, use the following command:
+ To assign a null password instead, use the following command:
</para>
- <screen><command>usermod</command> <option>-p</option> <option>""</option> <replaceable>username</replaceable></screen>
+ <screen><command>passwd</command> <option>-d</option> <replaceable>username</replaceable></screen>
<warning>
- <title>Caution</title>
+ <title>Warning</title>
<para>
- Using a null password, while convenient, is a highly unsecure practice, as any third party can log in first and access the system using the unsecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
+ Using a null password, while convenient, is a highly insecure practice, as any third party can log in first and access the system using the insecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
</para>
</warning>
</step>
@@ -917,7 +887,7 @@ drwx------. 4 juan juan 4096 Mar 3 18:23 juan</screen>
</step>
<step>
<para>
- The files within the <filename class="directory">/etc/skel/</filename> directory (which contain default user settings) are copied into the new <filename class="directory">/home/juan/</filename> directory.
+ The files within the <filename class="directory">/etc/skel/</filename> directory (which contain default user settings) are copied into the new <filename class="directory">/home/juan/</filename> directory:
</para>
<screen>~]# <command>ls -la /home/juan</command>
total 28
More information about the docs-commits
mailing list