Linux Annoyances for Geeks by Michael Jang

User Passwords Are Too Weak

One thing that annoys me about Linux is how the default configurations allow simple passwords. Yes, there are warning messages against dictionary words or passwords shorter than six characters. But these are just warnings. By default, most Linux distributions allow simple passwords. SUSE even allows blank passwords.

Fortunately, modern versions of Linux have put some barriers in the way of malicious intruders. For instance, passwords are no longer stored in /etc/passwd, which is world-readable. Instead, they are stored in /etc/shadow, which is readable only by the root user. Still, passwords are subject to dictionary attacks and social engineering (such as when a cracker tries a pet name or favorite term used by the victim). In this section, I'll show how to enforce strong passwords.
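As an added example (not from the book), the following shell functions audit for the two weaknesses described above: accounts with a blank password, and password fields still held in the world-readable passwd file instead of the shadow file. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format data. All sample data is constructed.
# Real use (as root): blank_password_accounts < /etc/shadow

# Accounts whose shadow password field is empty, i.e. no password required.
# Input: shadow-format lines (name:hash:lastchg:min:max:warn:inactive:expire:).
blank_password_accounts() {
    awk -F: 'NF >= 2 && $1 !~ /^#/ && $2 == "" { print $1 }'
}

# Accounts whose passwd password field is not the "x" placeholder that defers
# to the shadow file: either a hash exposed in a world-readable file, or an
# empty field (no password). Lock markers made of "*" or "!" are skipped.
unshadowed_passwd_accounts() {
    awk -F: 'NF >= 7 && $2 != "x" && $2 !~ /^[*!]+$/ { print $1 }'
}

# Succeeds if the file's mode grants read access to "other".
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed shadow entries: alice has a blank password, bob is locked.
SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
alice::19000:0:99999:7:::
bob:!:19000:0:99999:7:::'

# Constructed passwd entries: legacy carries a hash, guest has an empty field.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
legacy:$1$constructed$constructedhash:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
nobody:*:65534:65534::/nonexistent:/usr/sbin/nologin'

printf 'Blank shadow passwords:\n'
printf '%s\n' "$SAMPLE_SHADOW" | blank_password_accounts
printf 'Not deferred to shadow:\n'
printf '%s\n' "$SAMPLE_PASSWD" | unshadowed_passwd_accounts
```

On a live system, `is_world_readable /etc/shadow` should fail; if it succeeds, the hashes are exposed to every local user.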

One way for an administrator to battle weak passwords is to take on the role of a cracker and run a command such as crack on user passwords. If a password is cracked, the user can be warned, his account can be disabled, or the user can be disciplined in some appropriate fashion. (Of course, management often provides the worst offenders.) But this section focuses on techniques to require strong passwords in the first place.

Tip

Keep in mind that the rules we set to protect the security of our passwords probably annoy most users. If the rules are too difficult, users may post their current passwords in the open, next to their workstations.

You can use the chage command to make users ...