Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
How to force passwd to accept easy passwords ?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
devnull0000
n00b
n00b


Joined: 16 Aug 2020
Posts: 2

PostPosted: Sun Aug 16, 2020 4:51 pm    Post subject: How to force passwd to accept easy passwords ? Reply with quote

I hate security... after latest emerge --sync & world update something became broken for me and my almost trivial passwords don't work

(from root)
passwd <my_user>

doesn't want to accept something easy like 0000 and teaches me security.

Do you know how to fix this ?
I tried to build shadow with cracklib disabled but no luck so far, editng of /etc/pam.d/system-auth also has no any effect.

I want to control my machine, not allow machine to control me... that's why I use linux & gentoo
In the end I may end up debugging the passwd utility but it may take too long and I hope there is a way.


Last edited by devnull0000 on Sun Aug 16, 2020 5:02 pm; edited 1 time in total
Back to top
View user's profile Send private message
devnull0000
n00b
n00b


Joined: 16 Aug 2020
Posts: 2

PostPosted: Sun Aug 16, 2020 5:01 pm    Post subject: Reply with quote

nevermind, I found it

comment out with # the line from /etc/pam.d/system-auth
password required pam_passwdqc.so min=8,8,8,8,8 retry=3

and making next one
to be
password required pam_unix.so nullok sha512 shadow

instead of
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow

made me happy.
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 298

PostPosted: Mon Aug 17, 2020 1:23 pm    Post subject: Reply with quote

I hate security too and here is my solution to cripple pam and make it let me in without asking for a password.
I have added as the top line:
Code:
 auth    sufficient      pam_permit.so
to /etc/pam.d/login as well every module that nags me for a password (e.g. su,sshd, system-login, etc.)
Back to top
View user's profile Send private message
Banana
l33t
l33t


Joined: 21 May 2004
Posts: 686
Location: Germany

PostPosted: Mon Aug 17, 2020 6:09 pm    Post subject: Reply with quote

I hope you know what you are doing and to everybody else: Don't
_________________
My personal space
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 298

PostPosted: Mon Aug 17, 2020 7:39 pm    Post subject: Reply with quote

Banana wrote:
...and to everybody else: Don't

Indeed, do not, or nasty Corona will get into your computer and might get you too; and we do not want that. Do we, children?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 16219

PostPosted: Mon Aug 17, 2020 8:16 pm    Post subject: Re: How to force passwd to accept easy passwords ? Reply with quote

devnull0000 wrote:
I hate security... after latest emerge --sync & world update something became broken for me and my almost trivial passwords don't work
My first guess would be that you had previously overridden basic system security policy and your recent update included a configuration file change that, once merged, reverted you to recommended defaults. My second guess would be that a recent update improved the defaults.

proteusx: there is no need to get sarcastic here. Banana was trying to be helpful, by informing future readers that the change described here is not one to be applied without a proper understanding of the consequences. Those consequences may not be obvious since they apply only when a password change would otherwise be rejected for poor quality, and the result is an acceptance where the recommended default would be a denial.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 4294
Location: Illinois, USA

PostPosted: Mon Aug 17, 2020 8:32 pm    Post subject: Reply with quote

You should use strong randomly generated passwords. To log in via ssh without a password, see https://wiki.gentoo.org/wiki/SSH#Connecting_to_a_distant_SSH_server
It's not really passwordless, your computer remembers the password for you and automatically sends it.
For passwordless X login, search this forum. There were some recent posts. Maybe some kind person will post links.

Don't use 000 or abc, Linux can be destroyed by attackers. I understand your disdain for the security fetish, but take reasonable precautions against someone else. I've memorized my X password (not random but a long nonsense phrase) and use random 12 digit hex numbers for ssh passwords, which I don't memorize because I've followed the above wiki link. I login to X only from the LAN, YMMV. Many people disable all remote X login, but I'm the only user on the LAN now. Yes, I still use suid for X, but NOT with a password like 000
Back to top
View user's profile Send private message
pietinger
Guru
Guru


Joined: 17 Oct 2006
Posts: 410
Location: Bavaria

PostPosted: Mon Aug 17, 2020 8:50 pm    Post subject: Reply with quote

I understand requests for a simple (user) password. I am paronoid for security ... AND ... my user password is short and poor; only my pw for root is strong. Why ?

I have no fear of an offline attack (no cleaning personal), so only an online attack could break my system. An (successful) attacker dont need my user pw because he gained already (at minimum) my user rights. He can damage my system only with the root account and therefore you need a strong pw for root (and a hardened kernel).
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 4294
Location: Illinois, USA

PostPosted: Mon Aug 17, 2020 10:03 pm    Post subject: Reply with quote

pietinger,

Those are good points. In my case, I'm set up to sudo without a password so my user password is as important as my root password.

EDIT:
I was used to UNIX in a corporate environment before Windows even existed, so I'm mindful of these things. Got to admit that on Windows at first I logged on without a password and with administrative rights. Today I don't do that because my browser remembers passwords for banks and credit cards. It's not just computer security at risk.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6781

PostPosted: Mon Aug 17, 2020 10:36 pm    Post subject: Reply with quote

USE="-pam" and then you can set your password any way you like without it getting in the way. Don't run sshd with password access in either case.
Back to top
View user's profile Send private message
pietinger
Guru
Guru


Joined: 17 Oct 2006
Posts: 410
Location: Bavaria

PostPosted: Tue Aug 18, 2020 10:44 am    Post subject: Reply with quote

Tony0945 wrote:
[...] In my case, I'm set up to sudo without a password so my user password is as important as my root password.

Tony,

this is a true reason ... and the reason why I dont like sudo and never use it; I do jobs as root only with "su -"

In my eyes, sudo is one of the greatest security risks because of the immediate root access through a simple user account (think what happens after a successful break into your system after browsing a bad website with your user account ...)
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 298

PostPosted: Tue Aug 18, 2020 1:33 pm    Post subject: Reply with quote

Imagine a world where personal systems have no security whatsoever (e.g. no password login) and security is an option for those use their computer for bank transactions and those who want to prevent their wives to read their mistress' emails.
Also, no compulsory cryptography, no Spectre/Meltdown mitigations, no PIEs and no SSP canaries.
Security should be an opt-in, like systemd. A meta package perhaps.
You may say I am a dreamer, am I the only one?
Back to top
View user's profile Send private message
pietinger
Guru
Guru


Joined: 17 Oct 2006
Posts: 410
Location: Bavaria

PostPosted: Tue Aug 18, 2020 2:47 pm    Post subject: Reply with quote

proteusx wrote:
Imagine a world where personal systems have no security [...]

Imagine a world where every house has an open front door ...
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 298

PostPosted: Tue Aug 18, 2020 2:56 pm    Post subject: Reply with quote

pietinger wrote:
proteusx wrote:
Imagine a world where personal systems have no security [...]

Imagine a world where every house has an open front door ...

Unlike today's houses with 100 padlocks on the front door but wide open back door.
Back to top
View user's profile Send private message
pietinger
Guru
Guru


Joined: 17 Oct 2006
Posts: 410
Location: Bavaria

PostPosted: Tue Aug 18, 2020 3:03 pm    Post subject: Reply with quote

proteusx wrote:
[...] but wide open back door.

Yes, you are right.

But only our secret agencies using computer back doors, and in these agencies we have only characterful people with good intentions ...
Back to top
View user's profile Send private message
Marlo
Veteran
Veteran


Joined: 26 Jul 2003
Posts: 1475

PostPosted: Thu Oct 29, 2020 8:26 pm    Post subject: Reply with quote

devnull0000 wrote:
nevermind, I found it

comment out with # the line from /etc/pam.d/system-auth
password required pam_passwdqc.so min=8,8,8,8,8 retry=3

and making next one
to be
password required pam_unix.so nullok sha512 shadow

instead of
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow

made me happy.


thanks devnull0000,

your solution just saved me!

Thanks again
Ma
_________________
Thank you for your attention, interest and support.
------------------------------------------------------------------
http://radio.garden/
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum