Re: [expert] Password Question

2003-09-12 Thread Toshiro
>
> OK, so far, both James and you have said something about "password
> protecting single user mode" or "setting it up somehow"... so
> let's go back to my first question in this thread =)
> How can i do that? I just want the system to ask for a password
> ONLY when i tell it i want `linux single`.
>

The best way to do it is adding this line to /etc/inittab:

~~:S:wait:/sbin/sulogin

(this way you'll be asked for a password even if you type 'telinit S' -- that
doesn't happen if you only rely on 'password' and 'protected' in lilo.conf)

Toshiro.




Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


Re: [expert] Password Question

2003-08-31 Thread James Sparenberg
On Sun, 2003-08-31 at 05:38, Damian Gatabria wrote:
> On Sun, 31-08-2003 at 08:47, KevinO wrote:
> > 
> > Damian Gatabria wrote:
> > > On Sat, 30-08-2003 at 19:49, Frankie wrote:
> > >
> > >>>-Original Message-
> > >>>From: [EMAIL PROTECTED]
> > >>>[mailto:[EMAIL PROTECTED] Behalf Of Damian Gatabria
> > >>>Sent: Saturday, 30 August 2003 7:55 PM
> > >>>To: [EMAIL PROTECTED]
> > >>>Subject: Re: [expert] Password Question
> > >>>
> > >>>
> > >>>On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
> > >>>
> > >>>>On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
> > >>>>
> > >>>>>On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> > >>>>>
> > >>>>>>On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > >>>>>>
> > >>>>>>>Okay So I just read an article that said mandrake 9.1 can
> > >>>
> > >>>reset any windoz
> > >>>
> > >>>>>>>password. Can any linux distro password for root or any
> > >>>
> > >>>other user be
> > >>>
> > >>>>>>>reset. Say if you forgot it?
> > >>>>>>>
> > >>>>>>>James S. Lawson
> > >>>>>>>Network Administrator
> > >>>>>>
> > >>>>>>The only way that I know of to do this is to bring the
> > >>>
> > >>>computer up in Single
> > >>>
> > >>>>>>User mode and reset root password from there.  You should
> > >>>
> > >>>be able to do that
> > >>>
> > >>>>>>by putting options in Lilo at boot to bring up Linux in
> > >>>
> > >>>single user mode.
> > >>>
> > >>>>>>If you have password protected Lilo, I am not sure that you
> > >>>
> > >>>can reset the root
> > >>>
> > >>>>>>password without some type of reinstall.
> > >>>>>
> > >>>>>
> > >>>>>How do you password protect Lilo? :o))
> > >>>>
> > >>>>you put a password in /etc/lilo.conf and run /sbin/lilo.
> > >>>>
> > >>>>Users must then enter the password in order to boot any kernels listed
> > >>>>by lilo. It isn't used all that much to my knowledge -- laptop users
> > >>>>generally use the BIOS password, desktops users generally don't use boot
> > >>>>passwords, and servers need to be able to reboot without physical help.
> > >>>
> > >>>Yet, i hate the fact that cracking the admin password in Win2k is
> > >>>harder than in Linux... :o/
> > >>>
> > >>
> > >>Using linux single to reset the password is not cracking it..
> > >>Since you can't find out what the old password was, you are just
> > >>creating a new one.
> > >
> > >
> > > I know, sorry for not expressing myself correctly.
> > > The point is, in windoze, if i want to change the admin
> > > password, there's two ways:
> > >
> > > 1) cracking the sam file. This is a rather long process and
> > > requires third-party software.
> > >
> > 
> > Breaking into the registry or a sam file is trivially easy using a Linux boot
> > disk made for the purpose. I have done it for people several times. It doesn't
> > take much longer or more effort than just waiting for it to boot.
> > 
> > > 2) Booting with a DOS diskette, load third-party NTFS-dos
> > > drivers, and move around a couple of files so i get a user
> > > manager instead of a login prompt. This is a tricky process
> > > and you risk fubaring the system.
> > >
> > > this means that the one aspect in which windows is
> > >  far better from a security standpoint is protecting
> > > the admin password, since in Linux you only have to
> > > boot in single user mode.. it's sad, but true.
> > >
> > It's neither sad nor true.
> > 
> > A Linux system can only be booted into single user mode if you have it setup
> > that way, although most are set that way by default for convenience. Having
> > physical access to a machine means that there isn't much security, aside from
> > encrypting the filesystem. This is why most consider the ability to boot into
> > single user from the console to not be a security risk -- it requires console
> > access.
> > 
> 
> OK, so far, both James and you have said something about "password
> protecting single user mode" or "setting it up somehow"... so 
> let's go back to my first question in this thread =)
> How can i do that? I just want the system to ask for a password
> ONLY when i tell it i want `linux single`.


Ok,  a quick link

http://lists.isb.sdnpk.org/pipermail/plug-list/2003-June/000552.html

But to put it here: in the top section of the lilo.conf file add this
line.

password="" #insert your password here.

then in each kernel image section add the line

restricted 

at the end.  You can now boot as normal, but if you try to go single (or
any other mode where you pass special parameters) you will need to give
it the root password to do anything more than look at a prompt.

James
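
An added example, not part of James's or Toshiro's messages: a shell audit of the two settings suggested in this thread, the password/restricted lines in lilo.conf and the ~~:S:wait:/sbin/sulogin line in /etc/inittab. The sample files, the CHANGEME placeholder and the mode labels (open, restricted, mandatory) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the single-user protections suggested in this thread.
# Mode labels and sample files are this example's own, not LILO output.

# lilo_entry_modes FILE -> one line per image=/other= entry: "<path> <mode>"
#   open        no password applies, so "linux single" is accepted as typed
#   restricted  password asked only when parameters are given at the prompt
#   mandatory   password without "restricted": asked on every boot of the entry
lilo_entry_modes() {
    awk '
    function emit() {
        if (in_entry) print name, (pw ? (res ? "restricted" : "mandatory") : "open")
    }
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }    # drop comments, trim
    $0 == "" { next }
    /^(image|other)[ \t]*=/ {
        emit()
        name = $0; sub(/^[^=]*=[ \t]*/, "", name)
        in_entry = 1; pw = gpw; res = gres             # inherit top-section defaults
        next
    }
    /^password[ \t]*=/ { if (in_entry) { pw = 1 } else { gpw = 1 } }
    /^restricted$/     { if (in_entry) { res = 1 } else { gres = 1 } }
    END { emit() }
    ' "$1"
}

# inittab_guards_single FILE -> exit 0 when an active (uncommented) entry runs
# /sbin/sulogin for runlevel S, as in the line quoted in the thread.
inittab_guards_single() {
    awk -F: '
    /^[ \t]*#/ { next }
    NF >= 4 && $2 ~ /[Ss]/ && $4 ~ /^\/sbin\/sulogin([ \t]|$)/ { found = 1 }
    END { exit(found ? 0 : 1) }
    ' "$1"
}

# single_user_report LILO_CONF INITTAB -> summary lines; exit 1 if a gap exists
single_user_report() {
    open=$(lilo_entry_modes "$1" | awk '$NF == "open" { n++ } END { print n + 0 }')
    status=0
    if [ "$open" -gt 0 ]; then
        echo "lilo: $open boot entries accept parameters without a password"
        status=1
    else
        echo "lilo: a password is needed before boot parameters are accepted"
    fi
    if inittab_guards_single "$2"; then
        echo "init: runlevel S runs sulogin (also covers 'telinit S')"
    else
        echo "init: no active sulogin entry for runlevel S"
        status=1
    fi
    return $status
}

# write_samples DIR: constructed sample configs, not taken from a real host
write_samples() {
    cat > "$1/lilo.weak" <<'EOF'
boot=/dev/hda
prompt
image=/boot/vmlinuz
    label=linux
image=/boot/vmlinuz-old
    label=old
    password=CHANGEME    # placeholder; no "restricted", so asked on every boot
EOF
    cat > "$1/lilo.hardened" <<'EOF'
boot=/dev/hda
prompt
password=CHANGEME        # placeholder; top section, as described in the thread
image=/boot/vmlinuz
    label=linux
    restricted
image=/boot/vmlinuz-old
    label=old
    restricted
EOF
    printf '%s\n' 'id:5:initdefault:' '#~~:S:wait:/sbin/sulogin' > "$1/inittab.weak"
    printf '%s\n' 'id:5:initdefault:' '~~:S:wait:/sbin/sulogin' > "$1/inittab.hardened"
}

dir=$(mktemp -d)
write_samples "$dir"
for kind in weak hardened; do
    echo "== $kind =="
    lilo_entry_modes "$dir/lilo.$kind"
    single_user_report "$dir/lilo.$kind" "$dir/inittab.$kind" || echo "-> gaps found"
done
rm -rf "$dir"
```

Against a real host the arguments would be /etc/lilo.conf and /etc/inittab; lilo.conf changes only take effect after /sbin/lilo is run, as noted earlier in the thread.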





Re: [expert] Password Question

2003-08-31 Thread Damian Gatabria
On Sun, 31-08-2003 at 08:47, KevinO wrote:
> 
> Damian Gatabria wrote:
> > On Sat, 30-08-2003 at 19:49, Frankie wrote:
> >
> >>>-Original Message-
> >>>From: [EMAIL PROTECTED]
> >>>[mailto:[EMAIL PROTECTED] Behalf Of Damian Gatabria
> >>>Sent: Saturday, 30 August 2003 7:55 PM
> >>>To: [EMAIL PROTECTED]
> >>>Subject: Re: [expert] Password Question
> >>>
> >>>
> >>>On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
> >>>
> >>>>On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
> >>>>
> >>>>>On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> >>>>>
> >>>>>>On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> >>>>>>
> >>>>>>>Okay So I just read an article that said mandrake 9.1 can
> >>>
> >>>reset any windoz
> >>>
> >>>>>>>password. Can any linux distro password for root or any
> >>>
> >>>other user be
> >>>
> >>>>>>>reset. Say if you forgot it?
> >>>>>>>
> >>>>>>>James S. Lawson
> >>>>>>>Network Administrator
> >>>>>>
> >>>>>>The only way that I know of to do this is to bring the
> >>>
> >>>computer up in Single
> >>>
> >>>>>>User mode and reset root password from there.  You should
> >>>
> >>>be able to do that
> >>>
> >>>>>>by putting options in Lilo at boot to bring up Linux in
> >>>
> >>>single user mode.
> >>>
> >>>>>>If you have password protected Lilo, I am not sure that you
> >>>
> >>>can reset the root
> >>>
> >>>>>>password without some type of reinstall.
> >>>>>
> >>>>>
> >>>>>How do you password protect Lilo? :o))
> >>>>
> >>>>you put a password in /etc/lilo.conf and run /sbin/lilo.
> >>>>
> >>>>Users must then enter the password in order to boot any kernels listed
> >>>>by lilo. It isn't used all that much to my knowledge -- laptop users
> >>>>generally use the BIOS password, desktops users generally don't use boot
> >>>>passwords, and servers need to be able to reboot without physical help.
> >>>
> >>>Yet, i hate the fact that cracking the admin password in Win2k is
> >>>harder than in Linux... :o/
> >>>
> >>
> >>Using linux single to reset the password is not cracking it..
> >>Since you can't find out what the old password was, you are just
> >>creating a new one.
> >
> >
> > I know, sorry for not expressing myself correctly.
> > The point is, in windoze, if i want to change the admin
> > password, there's two ways:
> >
> > 1) cracking the sam file. This is a rather long process and
> > requires third-party software.
> >
> 
> Breaking into the registry or a sam file is trivially easy using a Linux boot
> disk made for the purpose. I have done it for people several times. It doesn't
> take much longer or more effort than just waiting for it to boot.
> 
> > 2) Booting with a DOS diskette, load third-party NTFS-dos
> > drivers, and move around a couple of files so i get a user
> > manager instead of a login prompt. This is a tricky process
> > and you risk fubaring the system.
> >
> > this means that the one aspect in which windows is
> >  far better from a security standpoint is protecting
> > the admin password, since in Linux you only have to
> > boot in single user mode.. it's sad, but true.
> >
> It's neither sad nor true.
> 
> A Linux system can only be booted into single user mode if you have it setup
> that way, although most are set that way by default for convenience. Having
> physical access to a machine means that there isn't much security, aside from
> encrypting the filesystem. This is why most consider the ability to boot into
> single user from the console to not be a security risk -- it requires console
> access.
> 

OK, so far, both James and you have said something about "password
protecting single user mode" or "setting it up somehow"... so 
let's go back to my first question in this thread =)
How can i do that? I just want the system to ask for a password
ONLY when i tell it i want `linux single`.



> Breaking into a Linux box w/o single (or init=...) is much harder than
> cracking open an NT, 2000 or XP box.

What i meant with my previous post is that it took me 30 seconds to
learn how to change a root password in mandrake Linux, and for Windoze i
had to surf the net for about 10 minutes to find boot diskettes that,
from reading the manual they include, i can see it's at least a two or
three steps longer process, warnings reading "Beware! the ntfs driver is
not perfect, you can break your system!" and "Warning! you may loose
all of the system's user passwords with this!" and stuff like that.


> But once you open a box or boot a different kernel or OS on a box, all bets
> are off. The only way to protect your system (data) is through decent encryption.


agreed.


Damian








Re: [expert] Password Question

2003-08-31 Thread KevinO

Damian Gatabria wrote:
> On Sat, 30-08-2003 at 19:49, Frankie wrote:
>
>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] Behalf Of Damian Gatabria
>>>Sent: Saturday, 30 August 2003 7:55 PM
>>>To: [EMAIL PROTECTED]
>>>Subject: Re: [expert] Password Question
>>>
>>>
>>>On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
>>>
>>>>On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
>>>>
>>>>>On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
>>>>>
>>>>>>On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
>>>>>>
>>>>>>>Okay So I just read an article that said mandrake 9.1 can
>>>
>>>reset any windoz
>>>
>>>>>>>password. Can any linux distro password for root or any
>>>
>>>other user be
>>>
>>>>>>>reset. Say if you forgot it?
>>>>>>>
>>>>>>>James S. Lawson
>>>>>>>Network Administrator
>>>>>>
>>>>>>The only way that I know of to do this is to bring the
>>>
>>>computer up in Single
>>>
>>>>>>User mode and reset root password from there.  You should
>>>
>>>be able to do that
>>>
>>>>>>by putting options in Lilo at boot to bring up Linux in
>>>
>>>single user mode.
>>>
>>>>>>If you have password protected Lilo, I am not sure that you
>>>
>>>can reset the root
>>>
>>>>>>password without some type of reinstall.
>>>>>
>>>>>
>>>>>How do you password protect Lilo? :o))
>>>>
>>>>you put a password in /etc/lilo.conf and run /sbin/lilo.
>>>>
>>>>Users must then enter the password in order to boot any kernels listed
>>>>by lilo. It isn't used all that much to my knowledge -- laptop users
>>>>generally use the BIOS password, desktops users generally don't use boot
>>>>passwords, and servers need to be able to reboot without physical help.
>>>
>>>Yet, i hate the fact that cracking the admin password in Win2k is
>>>harder than in Linux... :o/
>>>
>>
>>Using linux single to reset the password is not cracking it..
>>Since you can't find out what the old password was, you are just
>>creating a new one.
>
>
> I know, sorry for not expressing myself correctly.
> The point is, in windoze, if i want to change the admin
> password, there's two ways:
>
> 1) cracking the sam file. This is a rather long process and
> requires third-party software.
>

Breaking into the registry or a sam file is trivially easy using a Linux boot
disk made for the purpose. I have done it for people several times. It doesn't
take much longer or more effort than just waiting for it to boot.

> 2) Booting with a DOS diskette, load third-party NTFS-dos
> drivers, and move around a couple of files so i get a user
> manager instead of a login prompt. This is a tricky process
> and you risk fubaring the system.
>
> this means that the one aspect in which windows is
>  far better from a security standpoint is protecting
> the admin password, since in Linux you only have to
> boot in single user mode.. it's sad, but true.
>
It's neither sad nor true.

A Linux system can only be booted into single user mode if you have it setup
that way, although most are set that way by default for convenience. Having
physical access to a machine means that there isn't much security, aside from
encrypting the filesystem. This is why most consider the ability to boot into
single user from the console to not be a security risk -- it requires console
access.

Breaking into a Linux box w/o single (or init=...) is much harder than
cracking open an NT, 2000 or XP box.

But once you open a box or boot a different kernel or OS on a box, all bets
are off. The only way to protect your system (data) is through decent encryption.


--
KevinO

"If truth is beauty, how come no one has their hair done in the library?"
-- Lily Tomlin




RE: [expert] Password Question

2003-08-31 Thread Jack Coates
On Sat, 2003-08-30 at 14:54, Damian Gatabria wrote:
...
> 2) Booting with a DOS diskette, load third-party NTFS-dos
> drivers, and move around a couple of files so i get a user
> manager instead of a login prompt. This is a tricky process
> and you risk fubaring the system.
...
http://trinityhome.org/trk/

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...




Re: [expert] Password Question

2003-08-31 Thread Jack Coates
On Sat, 2003-08-30 at 13:45, J.C. Woods wrote:
> Jack Coates wrote:
> 
> >On Sat, 2003-08-30 at 04:54, Damian Gatabria wrote
> >
> >Now if you're talking about resetting the password, that's another
> >matter -- piece of cake in either OS, but resetting the password is not
> >something which will go unnoticed by the real admin.
> >  
> >
> Very cool, now will the "real" admin please stand up

hey Bert, none of our web servers will let me log in any more. Did you
change anything?

No Ernie, I'd have told you if I'd changed anything.

That's funny Bert. Oh well, I'm sure it's no big deal, the site is still
up. Let's look into it after the holidays.
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...




RE: [expert] Password Question

2003-08-31 Thread James Sparenberg
On Sat, 2003-08-30 at 14:54, Damian Gatabria wrote:
> On Sat, 30-08-2003 at 19:49, Frankie wrote:
> > >-Original Message-
> > >From: [EMAIL PROTECTED]
> > >[mailto:[EMAIL PROTECTED] Behalf Of Damian Gatabria
> > >Sent: Saturday, 30 August 2003 7:55 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: [expert] Password Question
> > >
> > >
> > >On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
> > >> On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
> > >> > On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> > >> > > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > >> > > > Okay So I just read an article that said mandrake 9.1 can
> > >reset any windoz
> > >> > > > password. Can any linux distro password for root or any
> > >other user be
> > >> > > > reset. Say if you forgot it?
> > >> > > >
> > >> > > > James S. Lawson
> > >> > > > Network Administrator
> > >> > >
> > >> > > The only way that I know of to do this is to bring the
> > >computer up in Single
> > >> > > User mode and reset root password from there.  You should
> > >be able to do that
> > >> > > by putting options in Lilo at boot to bring up Linux in
> > >single user mode.
> > >> > >
> > >> > > If you have password protected Lilo, I am not sure that you
> > >can reset the root
> > >> > > password without some type of reinstall.
> > >> >
> > >> >
> > >> > How do you password protect Lilo? :o))
> > >>
> > >> you put a password in /etc/lilo.conf and run /sbin/lilo.
> > >>
> > >> Users must then enter the password in order to boot any kernels listed
> > >> by lilo. It isn't used all that much to my knowledge -- laptop users
> > >> generally use the BIOS password, desktops users generally don't use boot
> > >> passwords, and servers need to be able to reboot without physical help.
> > >
> > >Yet, i hate the fact that cracking the admin password in Win2k is
> > >harder than in Linux... :o/
> > >
> > 
> > Using linux single to reset the password is not cracking it..
> > Since you can't find out what the old password was, you are just
> > creating a new one.
> 
> I know, sorry for not expressing myself correctly.
> The point is, in windoze, if i want to change the admin 
> password, there's two ways:
> 
> 1) cracking the sam file. This is a rather long process and
> requires third-party software.
> 
> 2) Booting with a DOS diskette, load third-party NTFS-dos
> drivers, and move around a couple of files so i get a user
> manager instead of a login prompt. This is a tricky process
> and you risk fubaring the system.
> 
> this means that the one aspect in which windows is
>  far better from a security standpoint is protecting
> the admin password, since in Linux you only have to 
> boot in single user mode.. it's sad, but true.
> 
> Damian

Try this on SuSE... won't work.  there they automatically password
single user mode.  So to get into it you have to know the root
password.  Which is why you want single user mode in the first place. 
Easiest way on 2000 is to use the utility M$ provides.  (takes about 2
minutes to boot  change  reboot) Or in Linux Knoppix chroot
change reboot.)   The point I'm making here is that if I have the
console.. I have you, period.  The security here is a locked door, or
... remove all monitors from the room.  Amazing how hard cracking a box
becomes when you can't see the monitor. *grin*

James





RE: [expert] Password Question

2003-08-31 Thread James Sparenberg
On Sat, 2003-08-30 at 10:49, Frankie wrote:
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] Behalf Of Damian Gatabria
> >Sent: Saturday, 30 August 2003 7:55 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: [expert] Password Question
> >
> >
> >On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
> >> On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
> >> > On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> >> > > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> >> > > > Okay So I just read an article that said mandrake 9.1 can
> >reset any windoz
> >> > > > password. Can any linux distro password for root or any
> >other user be
> >> > > > reset. Say if you forgot it?
> >> > > >
> >> > > > James S. Lawson
> >> > > > Network Administrator
> >> > >
> >> > > The only way that I know of to do this is to bring the
> >computer up in Single
> >> > > User mode and reset root password from there.  You should
> >be able to do that
> >> > > by putting options in Lilo at boot to bring up Linux in
> >single user mode.
> >> > >
> >> > > If you have password protected Lilo, I am not sure that you
> >can reset the root
> >> > > password without some type of reinstall.
> >> >
> >> >
> >> > How do you password protect Lilo? :o))
> >>
> >> you put a password in /etc/lilo.conf and run /sbin/lilo.
> >>
> >> Users must then enter the password in order to boot any kernels listed
> >> by lilo. It isn't used all that much to my knowledge -- laptop users
> >> generally use the BIOS password, desktops users generally don't use boot
> >> passwords, and servers need to be able to reboot without physical help.
> >
> >Yet, i hate the fact that cracking the admin password in Win2k is
> >harder than in Linux... :o/
> >
> 
> Using linux single to reset the password is not cracking it..
> Since you can't find out what the old password was, you are just
> creating a new one.
> 
> That was done on purpose because many people forget the root password and
> a reinstall each time they did would be annoying.
> 
> I can't remember how I did it, but I know I have used a win2000 CD to get
> around an
> unknown XP password.. I found out how to do that on the net.

It's actually a utility on the "rescue" CD works similar to single user
in that you give it a new password but never know the old.
> 
> For people that don't want to be able to recover from a lost root
> password.. passwording lilo is provided..
> 
> What more could you want?? easy recovery for the newbies, and strong local
> security for those that desire it.
> 
> regards
> 
> Franki
> 
> 
> 
> 
> 
> 




RE: [expert] Password Question

2003-08-31 Thread Damian Gatabria
On Sat, 30-08-2003 at 19:49, Frankie wrote:
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] Behalf Of Damian Gatabria
> >Sent: Saturday, 30 August 2003 7:55 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: [expert] Password Question
> >
> >
> >On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
> >> On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
> >> > On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> >> > > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> >> > > > Okay So I just read an article that said mandrake 9.1 can
> >reset any windoz
> >> > > > password. Can any linux distro password for root or any
> >other user be
> >> > > > reset. Say if you forgot it?
> >> > > >
> >> > > > James S. Lawson
> >> > > > Network Administrator
> >> > >
> >> > > The only way that I know of to do this is to bring the
> >computer up in Single
> >> > > User mode and reset root password from there.  You should
> >be able to do that
> >> > > by putting options in Lilo at boot to bring up Linux in
> >single user mode.
> >> > >
> >> > > If you have password protected Lilo, I am not sure that you
> >can reset the root
> >> > > password without some type of reinstall.
> >> >
> >> >
> >> > How do you password protect Lilo? :o))
> >>
> >> you put a password in /etc/lilo.conf and run /sbin/lilo.
> >>
> >> Users must then enter the password in order to boot any kernels listed
> >> by lilo. It isn't used all that much to my knowledge -- laptop users
> >> generally use the BIOS password, desktops users generally don't use boot
> >> passwords, and servers need to be able to reboot without physical help.
> >
> >Yet, i hate the fact that cracking the admin password in Win2k is
> >harder than in Linux... :o/
> >
> 
> Using linux single to reset the password is not cracking it..
> Since you can't find out what the old password was, you are just
> creating a new one.

I know, sorry for not expressing myself correctly.
The point is, in windoze, if i want to change the admin 
password, there's two ways:

1) cracking the sam file. This is a rather long process and
requires third-party software.

2) Booting with a DOS diskette, load third-party NTFS-dos
drivers, and move around a couple of files so i get a user
manager instead of a login prompt. This is a tricky process
and you risk fubaring the system.

this means that the one aspect in which windows is
 far better from a security standpoint is protecting
the admin password, since in Linux you only have to 
boot in single user mode.. it's sad, but true.

Damian




Re: [expert] Password Question

2003-08-30 Thread J.C. Woods
Jack Coates wrote:

On Sat, 2003-08-30 at 04:54, Damian Gatabria wrote

Now if you're talking about resetting the password, that's another
matter -- piece of cake in either OS, but resetting the password is not
something which will go unnoticed by the real admin.
 

Very cool, now will the "real" admin please stand up

--
J. Craig Woods
UNIX Network/System Engineer
http://www.trismegistus.net/resume.htm
Let him that would move the world, first move himself.
--Socrates




Re: [expert] Password Question

2003-08-30 Thread Jack Coates
On Sat, 2003-08-30 at 04:54, Damian Gatabria wrote:
...
> Yet, i hate the fact that cracking the admin password in Win2k is
> harder than in Linux... :o/

Maybe in theory, but I've never had the patience to wait for a john the
ripper run to finish on any of my shadow files. If it takes more than a
day to crack, it's good enough for me.

If you're using 'password', you're screwed no matter which OS you're
running.

Now if you're talking about resetting the password, that's another
matter -- piece of cake in either OS, but resetting the password is not
something which will go unnoticed by the real admin.
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...




RE: [expert] Password Question

2003-08-30 Thread Frankie
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Damian Gatabria
>Sent: Saturday, 30 August 2003 7:55 PM
>To: [EMAIL PROTECTED]
>Subject: Re: [expert] Password Question
>
>
>On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
>> On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
>> > On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
>> > > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
>> > > > Okay So I just read an article that said mandrake 9.1 can
>reset any windoz
>> > > > password. Can any linux distro password for root or any
>other user be
>> > > > reset. Say if you forgot it?
>> > > >
>> > > > James S. Lawson
>> > > > Network Administrator
>> > >
>> > > The only way that I know of to do this is to bring the
>computer up in Single
>> > > User mode and reset root password from there.  You should
>be able to do that
>> > > by putting options in Lilo at boot to bring up Linux in
>single user mode.
>> > >
>> > > If you have password protected Lilo, I am not sure that you
>can reset the root
>> > > password without some type of reinstall.
>> >
>> >
>> > How do you password protect Lilo? :o))
>>
>> you put a password in /etc/lilo.conf and run /sbin/lilo.
>>
>> Users must then enter the password in order to boot any kernels listed
>> by lilo. It isn't used all that much to my knowledge -- laptop users
>> generally use the BIOS password, desktops users generally don't use boot
>> passwords, and servers need to be able to reboot without physical help.
>
>Yet, i hate the fact that cracking the admin password in Win2k is
>harder than in Linux... :o/
>

Using linux single to reset the password is not cracking it..
Since you can't find out what the old password was, you are just
creating a new one.

That was done on purpose because many people forget the root password and
a reinstall each time they did would be annoying.

I can't remember how I did it, but I know I have used a win2000 CD to get
around an
unknown XP password.. I found out how to do that on the net.

For people that don't want to be able to recover from a lost root
password.. passwording lilo is provided..

What more could you want?? easy recovery for the newbies, and strong local
security for those that desire it.

regards

Franki







Re: [expert] Password Question

2003-08-30 Thread Damian Gatabria
On Sat, 30-08-2003 at 18:24, Jack Coates wrote:
> On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
> > On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> > > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > > > Okay So I just read an article that said mandrake 9.1 can reset any windoz
> > > > password. Can any linux distro password for root or any other user be
> > > > reset. Say if you forgot it?
> > > >
> > > > James S. Lawson
> > > > Network Administrator
> > > 
> > > The only way that I know of to do this is to bring the computer up in Single 
> > > User mode and reset root password from there.  You should be able to do that 
> > > by putting options in Lilo at boot to bring up Linux in single user mode.
> > > 
> > > If you have password protected Lilo, I am not sure that you can reset the root 
> > > password without some type of reinstall.
> > 
> > 
> > How do you password protect Lilo? :o))
> 
> you put a password in /etc/lilo.conf and run /sbin/lilo.
> 
> Users must then enter the password in order to boot any kernels listed
> by lilo. It isn't used all that much to my knowledge -- laptop users
> generally use the BIOS password, desktops users generally don't use boot
> passwords, and servers need to be able to reboot without physical help.

Yet, i hate the fact that cracking the admin password in Win2k is
harder than in Linux... :o/





Re: [expert] Password Question

2003-08-30 Thread Jack Coates
On Sat, 2003-08-30 at 03:44, Damian Gatabria wrote:
> On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > > Okay So I just read an article that said mandrake 9.1 can reset any windoz
> > > password. Can any linux distro password for root or any other user be
> > > reset. Say if you forgot it?
> > >
> > > James S. Lawson
> > > Network Administrator
> > 
> > The only way that I know of to do this is to bring the computer up in Single 
> > User mode and reset root password from there.  You should be able to do that 
> > by putting options in Lilo at boot to bring up Linux in single user mode.
> > 
> > If you have password protected Lilo, I am not sure that you can reset the root 
> > password without some type of reinstall.
> 
> 
> How do you password protect Lilo? :o))

you put a password in /etc/lilo.conf and run /sbin/lilo.

Users must then enter the password in order to boot any kernels listed
by lilo. It isn't used all that much to my knowledge -- laptop users
generally use the BIOS password, desktops users generally don't use boot
passwords, and servers need to be able to reboot without physical help.
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...




Re: [expert] Password Question

2003-08-30 Thread Damian Gatabria
On Wed, 20-08-2003 at 16:55, Bryan Phinney wrote:
> On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > Okay So I just read an article that said mandrake 9.1 can reset any windoz
> > password. Can any linux distro password for root or any other user be
> > reset. Say if you forgot it?
> >
> > James S. Lawson
> > Network Administrator
> 
> The only way that I know of to do this is to bring the computer up in Single 
> User mode and reset root password from there.  You should be able to do that 
> by putting options in Lilo at boot to bring up Linux in single user mode.
> 
> If you have password protected Lilo, I am not sure that you can reset the root 
> password without some type of reinstall.


How do you password protect Lilo? :o))


Damian




Re: [expert] Password Question

2003-08-22 Thread Ralph Crongeyer
On Friday 22 August 2003 08:33 am, Lawson, Jim wrote:

Except that /etc/password doesn't have any passwords in it, it's the 
/etc/shadow file that holds the passwords.

RC

> Thanks for this great answer. So all are that easy to change. Unless there
> are other precautions taken to stop this.
>
> -Original Message-
> From: Jim C [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2003 8:13 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [expert] Password Question
>
> >As for linux being able to bypass windows passwords, if it can, then its
> >likely the same thing would be doable from any OS that can read NTFS.. 
> > not just linux, so you might see the same thing from freedos or any *BSD
> > variant in the future.
>
> The /etc/passwd file in Linux is just as accessible.   Boot from a disk
> and it is easy to change or reset passwords.
> Most people want to have this capability however, just in case.  Any
> resulting security hole is easily managed by physical security (i.e.
> lock up the machine).
> In extreme cases, one might add a BIOS password and turn off booting
> from CD/Floppy, however.  This should work for both OS's.
>
> Jim C.




RE: [expert] Password Question

2003-08-22 Thread Lawson, Jim
Thanks for this great answer. So all are that easy to change. Unless there
are other precautions taken to stop this.

-Original Message-
From: Jim C [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 8:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Password Question



>As for linux being able to bypass windows passwords, if it can, then its
>likely the same thing would be doable from any OS that can read NTFS..  not
>just linux, so you might see the same thing from freedos or any *BSD
>variant in the future.
>  
>
The /etc/passwd file in Linux is just as accessible.   Boot from a disk 
and it is easy to change or reset passwords.
Most people want to have this capability however, just in case.  Any 
resulting security hole is easily managed by physical security (i.e. 
lock up the machine).
In extreme cases, one might add a BIOS password and turn off booting 
from CD/Floppy, however.  This should work for both OS's.

Jim C.






RE: [expert] Password Question

2003-08-22 Thread James Sparenberg
On Thu, 2003-08-21 at 07:44, Lawson, Jim wrote:
>   Not true Anne if you implement security in windows everyone is not an
> admin. 
> But the fact that Knoppix can access any windows file system is dangerous to
> me to run Windoze.
> 
> I read an article the other day that said mandrake 9.1 and other stuff can
> easily reset Windoze passwords. Even the administrator one. I don't like
> this. This is why I am asking this question. 
> 
> I happen to love Linux. You don't have to convince me. I have to convince my
> bosses. IT Director. That is why I am asking these questions to the expert
> group so I have more evidence that Windoze has to go.
> 
> -Original Message-
> From: Frankie [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2003 9:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [expert] Password Question
> 
> 
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] Behalf Of Lawson, Jim
> >Sent: Thursday, 21 August 2003 8:39 PM
> >To: '[EMAIL PROTECTED]'
> >Subject: RE: [expert] Password Question
> >
> >
> >Anne it is from a security position. I want to find out how much more secure
> >Linux is than windows.
> >
> 
> Well that is easy...
> 
> 1. A file in linux is not executable until you tell it it's executable.
>    A file in Doze IS executable by virtue of having an executable
> extension. (.bat, .com, .exe etc).
> 
> 2. In windows, everyone is the administrator, so anyone can totally trash
> the system.
>    In Linux, everyone is a user, so can only trash their own user space.
> 
> 3. Literally thousands of viruses/worms/trojans have been written for
> windows.
>    Literally a tiny handful of test viruses/worms have been written for
> linux.
> 
> 4. Windoze is all open from scratch, and it's up to the user to tighten it
> up.
>    Linux is by default much tighter than windows, and it's easy to tighten
> it up more. (for example with msec on Mandrake.)
> 
> 
> As for the password issue, win95 provides practically no password
> protection at all, and what little it does provide is easy enough to
> circumvent.
> 
> NT/2000/XP/2003 are much better in that regard, but a ton of flaws have
> been found to get around them as well.
> (for one thing, apparently you can use a win2000 CD to access XP partition.
> 
> So, take your pick..
> 
> hundreds of government bodies that are switching to linux en masse after
> years of windows dominance is a telling indicator of where their faith is..
> 
> Having said that, If you take a winXP or 2000 system, fully patch it.. get
> rid of IIS, IE and outlook Express.
> (replace with apache and mozilla browser and mozilla mail for windows
> respectively)
> and run a firewall and antivir program or two would be pretty secure
> comparatively as well.
> 
> Still not as tight as a well conceived linux install, but pretty good none
> the less.
> 
> But we are a linux list so I will not push you in that direction.
> Also, keep in mind that the M$ version will cost you a whole heap more.
> 
> 
> regards
> 
> Franki


Franki,

 Where windows is a lot more fragile than Linux at the command line
there are a few things I have fun with..  Drop to DOS and you can remove
pwl files which are the windows  version of /etc/password.  Not it may
not give you access.  But it sure does cause problems.  One thing to
note.  If you give me console and access to a cdrom and or floppy.  I
can on about 90% of the systems in either Linux or Windows, begin to
access things I shouldn't be able to.  Note that this takes bringing the
computer down, then back up.  In a windows world watching for reboots
would be an effort in frustration, since although 2000 and XP are a lot
more stable reboots are still a normal course of business in dealing
with windows related problems for the user.  In Linux the user should
rarely reboot.  So watching for those could be a security boon.   

   What's more important would be things like.  External security. 
Hardware costs (an older 750mhz 128MB ram box makes an excellent file
server for groups or divisions, or heck it makes a great desktop. Also
the need for monitors etc goes down.  Since you only need a shell to
maintain servers.  So the company can spread out capital expenditure
over years instead of months.) IT costs (one Linux IT person per 30
boxes vs one MCSE per 10 boxes.) Productivity losses. (Less time spent
rebooting means more time working.)  Monitoring. (compare Linux logging
to XP) System integration into a windows world.  (They can slowly
replace boxes and still keep interoperability.) Data Integrity. (Yes
windows has a trash can but Linux is better suited for backups both full
and partial, as wel

Re: [expert] Password Question

2003-08-21 Thread Jim C

As for linux being able to bypass windows passwords, if it can, then its
likely the same thing would be doable from any OS that can read NTFS..  not
just linux, so you might see the same thing from freedos or any *BSD
variant in the future.
 

The /etc/passwd file in Linux is just as accessible.   Boot from a disk 
and it is easy to change or reset passwords.
Most people want to have this capability however, just in case.  Any 
resulting security hole is easily managed by physical security (i.e. 
lock up the machine).
In extreme cases, one might add a BIOS password and turn off booting 
from CD/Floppy, however.  This should work for both OS's.

Jim C.





RE: [expert] Password Question

2003-08-21 Thread ed tharp
On Thu, 2003-08-21 at 10:44, Lawson, Jim wrote:
>   Not true Anne if you implement security in windows everyone is not an
> admin. 
> But the fact that Knoppix can access any windows file system is dangerous to
> me to run Windoze.
> 
> I read an article the other day that said mandrake 9.1 and other stuff can
> easily reset Windoze passwords. Even the administrator one. I don't like
> this. This is why I am asking this question. 
> 
> I happen to love Linux. You don't have to convince me. I have to convince my
> bosses. IT Director. That is why I am asking these questions to the expert
> group so I have more evidence that Windoze has to go.
I don't recommend any writing to NTFS partitions (from M$ products
either, if you have a choice), as corruption of other files has been
known to occur.
Any install of Linux should be able to screw with any FAT partition, and
delete files you could not delete from windoze.



> -Original Message-
> From: Frankie [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2003 9:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [expert] Password Question
> 
> 
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] Behalf Of Lawson, Jim
> >Sent: Thursday, 21 August 2003 8:39 PM
> >To: '[EMAIL PROTECTED]'
> >Subject: RE: [expert] Password Question
> >
> >
> >Anne it is from a security position. I want to find out how much more secure
> >Linux is than windows.
> >
> 
> Well that is easy...
> 
> 1. A file in linux is not executable until you tell it it's executable.
>    A file in Doze IS executable by virtue of having an executable
> extension. (.bat, .com, .exe etc).
> 
> 2. In windows, everyone is the administrator, so anyone can totally trash
> the system.
>    In Linux, everyone is a user, so can only trash their own user space.
> 
> 3. Literally thousands of viruses/worms/trojans have been written for
> windows.
>    Literally a tiny handful of test viruses/worms have been written for
> linux.
> 
> 4. Windoze is all open from scratch, and it's up to the user to tighten it
> up.
>    Linux is by default much tighter than windows, and it's easy to tighten
> it up more. (for example with msec on Mandrake.)
> 
> 
> As for the password issue, win95 provides practically no password
> protection at all, and what little it does provide is easy enough to
> circumvent.
> 
> NT/2000/XP/2003 are much better in that regard, but a ton of flaws have
> been found to get around them as well.
> (for one thing, apparently you can use a win2000 CD to access XP partition.
> 
> So, take your pick..
> 
> hundreds of government bodies that are switching to linux en masse after
> years of windows dominance is a telling indicator of where their faith is..
> 
> Having said that, If you take a winXP or 2000 system, fully patch it.. get
> rid of IIS, IE and outlook Express.
> (replace with apache and mozilla browser and mozilla mail for windows
> respectively)
> and run a firewall and antivir program or two would be pretty secure
> comparatively as well.
> 
> Still not as tight as a well conceived linux install, but pretty good none
> the less.
> 
> But we are a linux list so I will not push you in that direction.
> Also, keep in mind that the M$ version will cost you a whole heap more.
> 
> 
> regards
> 
> Franki




RE: [expert] Password Question

2003-08-21 Thread Lawson, Jim
Thanks for a great answer. What are the exploits?

-Original Message-
From: lorne [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 11:34 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Password Question


On Wednesday 20 August 2003 07:24 am, Lawson, Jim wrote:
> Okay So I just read an article that said mandrake 9.1 can reset any windoz
> password. Can any linux distro password for root or any other user be
> reset. Say if you forgot it?
>
Microsoft has given lip service that it is getting serious about security, yet
they have the weakest password hash system of anyone out there. I have a
linux floppy that I can use to change the password. I have a commercial CD
that I can pop in and change any password. I can sniff the passwords over
the wire and get anyone's password in short order.

Yes, there ARE tools to get into a linux system. The system has to come down
though. Unless someone knows of some weakness to exploit I'm unaware of.

> James S. Lawson
> Network Administrator





Re: [expert] Password Question

2003-08-21 Thread Anne Wilson
On Thursday 21 Aug 2003 3:44 pm, Lawson, Jim wrote:
>   Not true Anne if you implement security in windows everyone is not
> an admin.

Oops - I don't think it was I who said that.  However, win98 
doesn't recognise the need for admins, so in that case I guess that 
makes everyone an admin, in respect that everyone has equal rights.

> But the fact that Knoppix can access any windows file system is
> dangerous to me to run Windoze.
>
> I read an article the other day that said mandrake 9.1 and other
> stuff can easily reset Windoze passwords. Even the administrator
> one. I don't like this. This is why I am asking this question.
>
I'm sure someone more knowledgeable than I will answer this, but it 
seems to me that a linux system would be able to read plain text 
files, but windows holds passwords in an encrypted state, since 98, 
so it would not be open to anyone/everyone to see.  OTOH, there are 
freely available windows programs that enable you to read any saved 
password.  I have one (somewhere on a cd) called Snadboy Revelation 
in which you run it in the background, launch the app in question, 
highlight the asterisks in the login panel, and read off what the 
password was.   If it's that easy, it shouldn't be too difficult for 
a determined person to crack the encryption - the way Revelation 
works implies to me that there is a well-known algorithm for 
passwords, and if it is so, then yes, windows passwords are 
inherently unsafe.

> I happen to love Linux. You don't have to convince me. I have to
> convince my bosses. IT Director. That is why I am asking these
> questions to the expert group so I have more evidence that Windoze
> has to go.
>
Good luck.

Anne



Re: [expert] Password Question

2003-08-21 Thread lorne
On Wednesday 20 August 2003 07:24 am, Lawson, Jim wrote:
> Okay So I just read an article that said mandrake 9.1 can reset any windoz
> password. Can any linux distro password for root or any other user be
> reset. Say if you forgot it?
>
Microsoft has given lip service that it is getting serious about security, yet 
they have the weakest password hash system of anyone out there. I have a 
linux floppy that I can use to change the password. I have a commercial CD 
that I can pop in and change any password. I can sniff the passwords over 
the wire and get anyone's password in short order. 

Yes, there ARE tools to get into a linux system. The system has to come down 
though. Unless someone knows of some weakness to exploit I'm unaware of. 

> James S. Lawson
> Network Administrator




RE: [expert] Password Question

2003-08-21 Thread Frankie
Hi Jim,

I am not Anne, I suspect she is much nicer to look at than am I.

I can tell you with regards to windows security that on XP pro and home,
new users are created with admin rights.. you have to explicitly change
that if you want to.
Whereas in linux, a person doesn't have admin rights unless you explicitly
give it to them.

As for linux being able to bypass windows passwords, if it can, then its
likely the same thing would be doable from any OS that can read NTFS..  not
just linux, so you might see the same thing from freedos or any *BSD
variant in the future.

Mandrake can actually resize NTFS partitions, so it would not surprise me
at all to learn you can use it to bypass windoze security.

If you want to stop being able to boot a linux CD, then password protect
your bios and stop the booting from CD or floppy.

At least then they will have to take the cover off your PC and reset the
bios to be able to do it.


regards

Franki

---

Not true Anne if you implement security in windows everyone is not an
admin.
But the fact that Knoppix can access any windows file system is dangerous
to me to run Windoze.

I read an article the other day that said mandrake 9.1 and other stuff can
easily reset Windoze passwords. Even the administrator one. I don't like
this. This is why I am asking this question.

I happen to love Linux. You don't have to convince me. I have to convince
my bosses. IT Director. That is why I am asking these questions to the expert
group so I have more evidence that Windoze has to go.




RE: [expert] Password Question

2003-08-21 Thread Lawson, Jim

Not true Anne if you implement security in windows everyone is not an
admin. 
But the fact that Knoppix can access any windows file system is dangerous to
me to run Windoze.

I read an article the other day that said mandrake 9.1 and other stuff can
easily reset Windoze passwords. Even the administrator one. I don't like
this. This is why I am asking this question. 

I happen to love Linux. You don't have to convince me. I have to convince my
bosses. IT Director. That is why I am asking these questions to the expert
group so I have more evidence that Windoze has to go.

-Original Message-
From: Frankie [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [expert] Password Question


>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Lawson, Jim
>Sent: Thursday, 21 August 2003 8:39 PM
>To: '[EMAIL PROTECTED]'
>Subject: RE: [expert] Password Question
>
>
>Anne it is from a security position. I want to find out how much more secure
>Linux is than windows.
>

Well that is easy...

1. A file in linux is not executable until you tell it it's executable.
   A file in Doze IS executable by virtue of having an executable
extension. (.bat, .com, .exe etc).

2. In windows, everyone is the administrator, so anyone can totally trash
the system.
   In Linux, everyone is a user, so can only trash their own user space.

3. Literally thousands of viruses/worms/trojans have been written for
windows.
   Literally a tiny handful of test viruses/worms have been written for
linux.

4. Windoze is all open from scratch, and it's up to the user to tighten it
up.
   Linux is by default much tighter than windows, and it's easy to tighten
it up more. (for example with msec on Mandrake.)


As for the password issue, win95 provides practically no password
protection at all, and what little it does provide is easy enough to
circumvent.

NT/2000/XP/2003 are much better in that regard, but a ton of flaws have
been found to get around them as well.
(for one thing, apparently you can use a win2000 CD to access XP partition.

So, take your pick..

hundreds of government bodies that are switching to linux en masse after
years of windows dominance is a telling indicator of where their faith is..

Having said that, If you take a winXP or 2000 system, fully patch it.. get
rid of IIS, IE and outlook Express.
(replace with apache and mozilla browser and mozilla mail for windows
respectively)
and run a firewall and antivir program or two would be pretty secure
comparatively as well.

Still not as tight as a well conceived linux install, but pretty good none
the less.

But we are a linux list so I will not push you in that direction.
Also, keep in mind that the M$ version will cost you a whole heap more.


regards

Franki













RE: [expert] Password Question

2003-08-21 Thread Frankie
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Lawson, Jim
>Sent: Thursday, 21 August 2003 8:39 PM
>To: '[EMAIL PROTECTED]'
>Subject: RE: [expert] Password Question
>
>
>Anne it is from a security position. I want to find out how much more secure
>Linux is than windows.
>

Well that is easy...

1. A file in linux is not executable until you tell it it's executable.
   A file in Doze IS executable by virtue of having an executable
extension. (.bat, .com, .exe etc).

2. In windows, everyone is the administrator, so anyone can totally trash
the system.
   In Linux, everyone is a user, so can only trash their own user space.

3. Literally thousands of viruses/worms/trojans have been written for
windows.
   Literally a tiny handful of test viruses/worms have been written for
linux.

4. Windoze is all open from scratch, and it's up to the user to tighten it
up.
   Linux is by default much tighter than windows, and it's easy to tighten
it up more. (for example with msec on Mandrake.)


As for the password issue, win95 provides practically no password
protection at all, and what little it does provide is easy enough to
circumvent.

NT/2000/XP/2003 are much better in that regard, but a ton of flaws have
been found to get around them as well.
(for one thing, apparently you can use a win2000 CD to access XP partition.

So, take your pick..

hundreds of government bodies that are switching to linux en masse after
years of windows dominance is a telling indicator of where their faith is..

Having said that, If you take a winXP or 2000 system, fully patch it.. get
rid of IIS, IE and outlook Express.
(replace with apache and mozilla browser and mozilla mail for windows
respectively)
and run a firewall and antivir program or two would be pretty secure
comparatively as well.

Still not as tight as a well conceived linux install, but pretty good none
the less.

But we are a linux list so I will not push you in that direction.
Also, keep in mind that the M$ version will cost you a whole heap more.


regards

Franki












RE: [expert] Password Question

2003-08-21 Thread Lawson, Jim
Anne it is from a security position. I want to find out how much more secure
Linux is than windows.

-Original Message-
From: Anne Wilson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 2:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Password Question


On Wednesday 20 Aug 2003 6:10 pm, ed tharp wrote:
> On Wed, 2003-08-20 at 10:55, Bryan Phinney wrote:
> > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > > Okay So I just read an article that said mandrake 9.1 can reset
> > > any windoz password. Can any linux distro password for root or
> > > any other user be reset. Say if you forgot it?
> > >
> > > James S. Lawson
> > > Network Administrator
> >
> > The only way that I know of to do this is to bring the computer
> > up in Single User mode and reset root password from there.  You
> > should be able to do that by putting options in Lilo at boot to
> > bring up Linux in single user mode.
> >
> > If you have password protected Lilo, I am not sure that you can
> > reset the root password without some type of reinstall.
>
> and you can password protect the BIOS. and lock the door to the
> room the box is held in.

Perhaps I'm being thick, but I thought he was concerned about 
passwords in his windows partition?

Anne




Re: [expert] Password Question

2003-08-21 Thread Anne Wilson
On Thursday 21 Aug 2003 1:15 am, Jack Coates wrote:
> On Wed, 2003-08-20 at 11:31, Anne Wilson wrote:
> > On Wednesday 20 Aug 2003 6:10 pm, ed tharp wrote:
> > > On Wed, 2003-08-20 at 10:55, Bryan Phinney wrote:
> > > > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > > > > Okay So I just read an article that said mandrake 9.1 can
> > > > > reset any windoz password. Can any linux distro password
> > > > > for root or any other user be reset. Say if you forgot it?
> > > > >
> > > > > James S. Lawson
> > > > > Network Administrator
> > > >
> > > > The only way that I know of to do this is to bring the
> > > > computer up in Single User mode and reset root password from
> > > > there.  You should be able to do that by putting options in
> > > > Lilo at boot to bring up Linux in single user mode.
> > > >
> > > > If you have password protected Lilo, I am not sure that you
> > > > can reset the root password without some type of reinstall.
> > >
> > > and you can password protect the BIOS. and lock the door to the
> > > room the box is held in.
> >
> > Perhaps I'm being thick, but I thought he was concerned about
> > passwords in his windows partition?
> >
> > Anne
>
> and wanted to change them. Which is why I recommended TRK. It could
> be done with a Mandrake disk if you were exceedingly clever and
> knew what you wanted to do, but Trinity Rescue Kit has prebuilt
> tools for this task

Ah - I see.  I don't know TRK, but I can see that it would be an 
excellent tool for sysadmins.  I was confused because most of the 
answers seemed to be pointing towards changing his root password - or 
so I thought.  Never mind, I'll go back to sleep 

Anne



Re: [expert] Password Question

2003-08-20 Thread Jack Coates
On Wed, 2003-08-20 at 11:31, Anne Wilson wrote:
> On Wednesday 20 Aug 2003 6:10 pm, ed tharp wrote:
> > On Wed, 2003-08-20 at 10:55, Bryan Phinney wrote:
> > > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > > > Okay So I just read an article that said mandrake 9.1 can reset
> > > > any windoz password. Can any linux distro password for root or
> > > > any other user be reset. Say if you forgot it?
> > > >
> > > > James S. Lawson
> > > > Network Administrator
> > >
> > > The only way that I know of to do this is to bring the computer
> > > up in Single User mode and reset root password from there.  You
> > > should be able to do that by putting options in Lilo at boot to
> > > bring up Linux in single user mode.
> > >
> > > If you have password protected Lilo, I am not sure that you can
> > > reset the root password without some type of reinstall.
> >
> > and you can password protect the BIOS. and lock the door to the
> > room the box is held in.
> 
> Perhaps I'm being thick, but I thought he was concerned about 
> passwords in his windows partition?
> 
> Anne
> 

and wanted to change them. Which is why I recommended TRK. It could be
done with a Mandrake disk if you were exceedingly clever and knew what
you wanted to do, but Trinity Rescue Kit has prebuilt tools for this
task
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...




Re: [expert] Password Question

2003-08-20 Thread Anne Wilson
On Wednesday 20 Aug 2003 6:10 pm, ed tharp wrote:
> On Wed, 2003-08-20 at 10:55, Bryan Phinney wrote:
> > On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > > Okay So I just read an article that said mandrake 9.1 can reset
> > > any windoz password. Can any linux distro password for root or
> > > any other user be reset. Say if you forgot it?
> > >
> > > James S. Lawson
> > > Network Administrator
> >
> > The only way that I know of to do this is to bring the computer
> > up in Single User mode and reset root password from there.  You
> > should be able to do that by putting options in Lilo at boot to
> > bring up Linux in single user mode.
> >
> > If you have password protected Lilo, I am not sure that you can
> > reset the root password without some type of reinstall.
>
> and you can password protect the BIOS. and lock the door to the
> room the box is held in.

Perhaps I'm being thick, but I thought he was concerned about 
passwords in his windows partition?

Anne



Re: [expert] Password Question

2003-08-20 Thread ed tharp
On Wed, 2003-08-20 at 10:55, Bryan Phinney wrote:
> On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > Okay So I just read an article that said mandrake 9.1 can reset any windoz
> > password. Can any linux distro password for root or any other user be
> > reset. Say if you forgot it?
> >
> > James S. Lawson
> > Network Administrator
> 
> The only way that I know of to do this is to bring the computer up in Single 
> User mode and reset root password from there.  You should be able to do that 
> by putting options in Lilo at boot to bring up Linux in single user mode.
> 
> If you have password protected Lilo, I am not sure that you can reset the root 
> password without some type of reinstall.

and you can password protect the BIOS. and lock the door to the room the
box is held in.




RE: [expert] Password Question

2003-08-20 Thread Lawson, Jim
Thanks for everyone's answer. Looks like linux is way more secure than
windoz.

-Original Message-
From: Bryan Phinney [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Password Question


On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> Okay So I just read an article that said mandrake 9.1 can reset any windoz
> password. Can any linux distro password for root or any other user be
> reset. Say if you forgot it?
>
> James S. Lawson
> Network Administrator

The only way that I know of to do this is to bring the computer up in Single
User mode and reset root password from there.  You should be able to do that
by putting options in Lilo at boot to bring up Linux in single user mode.

If you have password protected Lilo, I am not sure that you can reset the
root password without some type of reinstall.

-- 
Bryan Phinney
Software Test Engineer





Re: [expert] Password Question

2003-08-20 Thread Ralph Crongeyer
On Wednesday 20 August 2003 10:55 am, Bryan Phinney wrote:

You have to reboot with disk1 of your Mandrake install disks and type 
"rescue". Then when the system comes up you will need to remount the 
partition that has your "/etc" dir on it in read/write mode. Go into the 
/etc dir and edit the "/etc/shadow" file and delete the password portion of 
the root user and save the file. This makes root without a password. Reboot 
and reset your password.

Ralph

> On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > Okay So I just read an article that said mandrake 9.1 can reset any
> > windoz password. Can any linux distro password for root or any other user
> > be reset. Say if you forgot it?
> >
> > James S. Lawson
> > Network Administrator
>
> The only way that I know of to do this is to bring the computer up in
> Single User mode and reset root password from there.  You should be able to
> do that by putting options in Lilo at boot to bring up Linux in single user
> mode.
>
> If you have password protected Lilo, I am not sure that you can reset the
> root password without some type of reinstall.




Re: [expert] Password Question

2003-08-20 Thread Jack Coates
trinity rescue kit

I love it.


On Wed, 2003-08-20 at 07:24, Lawson, Jim wrote:
> Okay So I just read an article that said mandrake 9.1 can reset any windoz
> password. Can any linux distro password for root or any other user be reset.
> Say if you forgot it?
> 
> James S. Lawson
> Network Administrator
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...




Re: [expert] Password Question

2003-08-20 Thread Mike Veltman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 20 August 2003 16:55, Bryan Phinney wrote:
> On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> > Okay So I just read an article that said mandrake 9.1 can reset any
> > windoz password. Can any linux distro password for root or any other user
> > be reset. Say if you forgot it?
> >
> > James S. Lawson
> > Network Administrator
>
> The only way that I know of to do this is to bring the computer up in
> Single User mode and reset root password from there.  You should be able to
> do that by putting options in Lilo at boot to bring up Linux in single user
> mode.
>
> If you have password protected Lilo, I am not sure that you can reset the
> root password without some type of reinstall.

You can mount the filesystem from a rescue CD like Knoppix and remove the 
passwords from /etc/passwd and shadow ;-)

Mike

- -- 
- ---
E-mail   : [EMAIL PROTECTED]  Amsterdam
Function : ICT Consultant
- - Dont worry, we always have a backup of you --
PGP Fingerprint: 7FFB 828C 2CE6 E996 2308 B0B3 E445 6E8B D9D1 5BAB
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Q5XzOOuo8bwGbFQRAkqJAKC+8EM75hB1KnQ+giCZoWUlMOVwNwCgyncc
bw1nrPdkWE6UvPOf48h0b4Q=
=/Djr
-END PGP SIGNATURE-
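
The replies from Ralph and Mike above both end with an account whose password field in /etc/shadow is empty. As an added example (not part of either post), this is a check an administrator can run to detect that state; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit a shadow-format file for accounts whose password field is empty.

# Constructed sample in /etc/shadow layout (name:password:lastchg:min:max:warn:::).
# The hash string is a placeholder, not a real hash.
sample_shadow() {
cat <<'EOF'
root::12284:0:99999:7:::
daemon:*:12284:0:99999:7:::
alice:$1$CONSTRUCTED$placeholderhashplaceholder:12284:0:99999:7:::
bob:!!:12284:0:99999:7:::
carol::12284:0:99999:7:::
EOF
}

# classify_shadow FILE: print one "user status" line per account.
#   EMPTY  = no password needed to log in (the state left by blanking the field)
#   locked = field starts with ! or *, password login disabled
#   set    = a hash is present
classify_shadow() {
    awk -F: '
        /^[ \t]*$/   { next }
        NF < 2       { print $1, "malformed"; next }
        $2 == ""     { print $1, "EMPTY"; next }
        $2 ~ /^[!*]/ { print $1, "locked"; next }
                     { print $1, "set" }
    ' "$1"
}

# empty_password_users FILE: names with an empty field, space separated.
empty_password_users() {
    classify_shadow "$1" |
        awk '$2 == "EMPTY" { printf "%s%s", sep, $1; sep = " " }'
}

# audit_shadow FILE: report findings; exit status 1 if any field is empty.
audit_shadow() {
    users=$(empty_password_users "$1")
    if [ -n "$users" ]; then
        echo "empty password field: $users"
        return 1
    fi
    echo "no empty password fields"
}

# Stand-alone use: sh audit.sh /etc/shadow   (needs read access to the file)
if [ $# -gt 0 ]; then audit_shadow "$1"; fi
```

A non-zero exit status makes the check usable from cron or a boot-time script, so a blanked root entry is noticed even if the person who did it never sets a new password.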




Re: [expert] Password Question

2003-08-20 Thread Bryan Phinney
On Wednesday 20 August 2003 10:24 am, Lawson, Jim wrote:
> Okay So I just read an article that said mandrake 9.1 can reset any windoz
> password. Can any linux distro password for root or any other user be
> reset. Say if you forgot it?
>
> James S. Lawson
> Network Administrator

The only way that I know of to do this is to bring the computer up in Single 
User mode and reset root password from there.  You should be able to do that 
by putting options in Lilo at boot to bring up Linux in single user mode.

If you have password protected Lilo, I am not sure that you can reset the root 
password without some type of reinstall.

-- 
Bryan Phinney
Software Test Engineer




[expert] Password Question

2003-08-20 Thread Lawson, Jim
Okay So I just read an article that said mandrake 9.1 can reset any windoz
password. Can any linux distro password for root or any other user be reset.
Say if you forgot it?

James S. Lawson
Network Administrator

  (@ @)
oOO--(_)--OOo-

Notice: This message, and any attached file, is intended only for the
use of the individual or entity to which it is addressed, and may
contain information that is privileged, confidential and exempt from
disclosure under applicable law.  If the reader of this message is not
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
Nothing in this e-mail message should be construed as a legal opinion.
If you have received this communication in error, please notify us
immediately by reply e-mail and delete all copies of the original
message.  Thank you.


