try setting your password as user (on a shell),
not as root,
it would stop you setting simple passwords, if cracklib is installed.
so if you (as root) are not setting simple passwords, and users are not
allowed to change them bypassing cracklib,
the risk of simple dictionary attacks is minimized.
m
ps: I know it isn't perfect, but at least it stops the obvious.
On 22.06.2005, at 13:26, VoIP wrote:

> Thanks for all the good advice. I am basically concerned about all
> security issues. That is why I use TSL after my host was hacked 6 months
> ago. Protecting my data is the first priority. Any good techniques are
> welcome. Also, I wonder if a basic setup of TSL is vulnerable to
> password cracking.
>
> Thanks a lot.
>
> On 6/22/05, Matthias Subik <[EMAIL PROTECTED]> wrote:
>
>>
>> On 22.06.2005, at 10:48, Vidar Tyldum Hansen wrote:
>>
>> VoIP wrote:
>> How can a user account be disabled after 3 login tries? I am using SSH.
>>
>> So that if I happen to know where your box is and one of the lusers on
>> it (say root) I can do a denial of service attack?
>> Read through pam development, there is lots of source code out there that
>> might do what you want,
>> but as Vidar already noted, I would be concerned to open your box to a
>> denial of service attack.
>>
>> You could think about what is worse,
>> being locked out as a legitimate user, or being locked out b/c of a short
>> term memory loss,
>>
>> alternatively having somebody trying dictionary passwords, but if you allow
>> only cracklib-checked passwords for your users, that would fail ultimately.
>>
>> just my two cents
>> matthias
>>
>>
>

_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss