199 lines
7.6 KiB
HTML
199 lines
7.6 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<META NAME="generator" CONTENT="lgazmail v1.3C.e">
|
|
<TITLE>The Answer Guy 51: Simpler Way to Recover From a Lost Password</TITLE>
|
|
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
|
|
LINK="#3366FF" VLINK="#A000A0">
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
|
|
border="0" align="middle">
|
|
<font color="#B03060">The Answer Guy</font>
|
|
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
|
|
border="0" align="middle">
|
|
</A></H1>
|
|
<BR>
|
|
<H4>By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
LinuxCare,
|
|
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
|
|
</H4>
|
|
</center>
|
|
|
|
<p><hr><p>
|
|
<!-- endcut ======================================================= -->
|
|
<!-- begin 15 -->
|
|
<H3 align="left"><img src="../../gx/dennis/bbubble.gif"
|
|
height="50" width="60" alt="(!) " border="0"
|
|
>Simpler Way to Recover From a Lost Password</H3>
|
|
|
|
|
|
<p><strong>From mjschack on Mon, 21 Feb 2000
|
|
</strong></p>
|
|
<!-- ::
|
|
Simpler Way to Recover From a Lost Password
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
:: -->
|
|
<P><STRONG>
|
|
Hello,
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
In reference to your explanation of how to recover a lost password in the
|
|
current issue of the Linux Gazette, there is a simpler method.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
For instance, if your kernel is labeled "linux," you could reboot (assuming
|
|
your currently using the system), type "<tt>linux 1</tt>" at the boot prompt,
|
|
boot to
|
|
single-user mode, type "<tt>passwd</tt>" when at the prompt and then enter a new
|
|
password. To get it all in one logical sequence, the next command could be
|
|
"<tt>telinit 3</tt>" or if XDM is running the show, "<tt>telinit 5</tt>."
|
|
"<tt>Telinit 6</tt>" in this
|
|
scenario wouldn't be necessary, since no volatile changes to the disk have
|
|
been made.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Just my two cents.
|
|
<br>Sincerely,
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
That will work on some Linux distributions under some
|
|
configurations. However, most modern distributions use
|
|
an "<tt>sulogin</tt>" utility to password protect the single user
|
|
mode.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The steps I gave will handle most systems. Two cases
|
|
that are likely to interfere with the procedure I
|
|
outlined would be:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><ol>
|
|
<li> System has a LILO password enabled to prevent
|
|
passing over-ride parameters to the kernel
|
|
<br>AND
|
|
<br> System has CMOS password in place to prevent booting
|
|
from floppy and other removable media.
|
|
<br>
|
|
OR
|
|
<li> System has ppdd (privacy protected disk driver) installed
|
|
and the root filesystem is encrypted.
|
|
</ol></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
There are ways to get around the second part of problem #1 ---
|
|
(which bypasses the LILO password). However, scenario #2
|
|
would be VERY difficult to get around.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The number of system that are actually secured to this
|
|
degree is way less than 1%. This is actually a bit of a
|
|
pity in some ways, since users don't REALLY know if their
|
|
computer workstation, left unattended in their open cubicle
|
|
is trustworthy when they sit down at it in the morning and
|
|
type their passwords into it. Ultimately this means that
|
|
most businesses have somewhat limited accountability ---
|
|
they can't definitely assert that a given user was the one
|
|
who used a particular account to violate some policy. This
|
|
is a limitation of PCs (and most other commonly available
|
|
workstations) that has nothing to do with the OS.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
As I've described, it's possible to lock down a PC running
|
|
Linux so that it takes some pretty studly work to get into
|
|
them. However, it's pretty rare.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Incidentally, the MBR in recent
|
|
<A HREF="http://www.debian.org/">Debian</A> Potato releases may
|
|
be insecure from scenario #1. There was a feature added
|
|
that allows one to bypass CMOS boot restrictions and boot
|
|
from floppy by pressing the apropriate key sequence in
|
|
the MBR boot loader.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
This was discussed a couple of weeks ago one the Bugtraq
|
|
security mailing list. It is possible to over-ride this
|
|
default using options to the Debian install-mbr command.
|
|
See its man page for details.
|
|
</BLOCKQUOTE>
|
|
|
|
<!-- sig -->
|
|
|
|
|
|
<!-- end 15 -->
|
|
<!--startcut ======================================================= -->
|
|
<P> <hr> <P>
|
|
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 2000, James T. Dennis
|
|
<BR>Published in <I>The Linux Gazette</I> Issue 51 March 2000</H5>
|
|
<H6 ALIGN="center">HTML transformation by
|
|
<A HREF="mailto:star@tuxtops.com">Heather Stern</a> of
|
|
Tuxtops, Inc.,
|
|
<A HREF="http://www.tuxtops.com/">http://www.tuxtops.com/</A>
|
|
</H6>
|
|
<P> <hr> <P>
|
|
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<TABLE WIDTH="95%"><TR VALIGN="center" ALIGN="center">
|
|
<TD colspan="2" rowspan="2"><A
|
|
HREF="../lg_answer51.html"
|
|
><IMG SRC="../../gx/dennis/answernew.gif"
|
|
ALT="[ Answer Guy Current Index ]"></A>
|
|
<TD colspan="2" rowspan="2"><A
|
|
HREF="../../tag/kb.html"
|
|
><IMG SRC="../../gx/dennis/answertoc.gif"
|
|
ALT="[ Index of Past Answers ]"></A></td>
|
|
<TD WIDTH="11%"><A HREF="../lg_answer51.html#greeting"><img
|
|
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A></TD>
|
|
<TD WIDTH="11%"><A HREF="1.html">1</A></TD>
|
|
<TD WIDTH="11%"><A HREF="2.html">2</A></TD>
|
|
<TD WIDTH="11%"><A HREF="3.html">3</A></TD>
|
|
<TD WIDTH="11%"><A HREF="4.html">5</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="11%"><A HREF="5.html">5</A></TD>
|
|
<TD WIDTH="11%"><A HREF="6.html">6</A></TD>
|
|
<TD WIDTH="11%"><A HREF="7.html">7</A></TD>
|
|
<TD WIDTH="11%"><A HREF="8.html">8</A></TD>
|
|
<TD WIDTH="11%"><A HREF="9.html">9</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="10.html">10</A></TD>
|
|
<TD WIDTH="10%"><A HREF="11.html">11</A></TD>
|
|
<TD WIDTH="10%"><A HREF="12.html">12</A></TD>
|
|
<TD WIDTH="10%"><A HREF="13.html">13</A></TD>
|
|
<TD WIDTH="11%"><A HREF="14.html">14</A></TD>
|
|
<TD WIDTH="11%"><A HREF="15.html">15</A></TD>
|
|
<TD WIDTH="11%"><A HREF="16.html">16</A></TD>
|
|
<TD WIDTH="11%"><A HREF="17.html">17</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="18.html">18</A></TD>
|
|
<TD WIDTH="10%"><A HREF="19.html">19</A></TD>
|
|
<TD WIDTH="10%"><A HREF="20.html">20</A></TD>
|
|
<TD WIDTH="10%"><A HREF="21.html">21</A></TD>
|
|
<TD WIDTH="11%"><A HREF="22.html">22</A></TD>
|
|
</TR></TABLE>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<P> <hr> <P>
|
|
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<A HREF="../index.html"
|
|
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
|
|
<A HREF="../../index.html"
|
|
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
|
|
<A HREF="../lg_bytes51.html"
|
|
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
|
|
<A HREF="../../faq/index.html"
|
|
><IMG SRC="../../gx/dennis/faq.gif"
|
|
ALT="[ Linux Gazette FAQ ]"></A>
|
|
<A HREF="../lg_tips51.html"
|
|
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
|
|
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
</BODY></HTML>
|
|
<!--endcut ========================================================= -->
|