LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue51/tag/15.html

199 lines
7.6 KiB
HTML
Raw Permalink Blame History

<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3C.e">
<TITLE>The Answer Guy 51: Simpler Way to Recover From a Lost Password</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Guy</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By James T. Dennis,
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
LinuxCare,
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
</H4>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 15 -->
<H3 align="left"><img src="../../gx/dennis/bbubble.gif"
height="50" width="60" alt="(!) " border="0"
>Simpler Way to Recover From a Lost Password</H3>
<p><strong>From mjschack on Mon, 21 Feb 2000
</strong></p>
<!-- ::
Simpler Way to Recover From a Lost Password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
Hello,
</STRONG></P>
<P><STRONG>
In reference to your explanation of how to recover a lost password in the
current issue of the Linux Gazette, there is a simpler method.
</STRONG></P>
<P><STRONG>
For instance, if your kernel is labeled "linux," you could reboot (assuming
your currently using the system), type "<tt>linux 1</tt>" at the boot prompt,
boot to
single-user mode, type "<tt>passwd</tt>" when at the prompt and then enter a new
password. To get it all in one logical sequence, the next command could be
"<tt>telinit 3</tt>" or if XDM is running the show, "<tt>telinit 5</tt>."
"<tt>Telinit 6</tt>" in this
scenario wouldn't be necessary, since no volatile changes to the disk have
been made.
</STRONG></P>
<P><STRONG>
Just my two cents.
<br>Sincerely,
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
That will work on some Linux distributions under some
configurations. However, most modern distributions use
an "<tt>sulogin</tt>" utility to password protect the single user
mode.
</BLOCKQUOTE>
<BLOCKQUOTE>
The steps I gave will handle most systems. Two cases
that are likely to interfere with the procedure I
outlined would be:
</BLOCKQUOTE>
<BLOCKQUOTE><ol>
<li> System has a LILO password enabled to prevent
passing over-ride parameters to the kernel
<br>AND
<br> System has CMOS password in place to prevent booting
from floppy and other removable media.
<br>
OR
<li> System has ppdd (privacy protected disk driver) installed
and the root filesystem is encrypted.
</ol></BLOCKQUOTE>
<BLOCKQUOTE>
There are ways to get around the second part of problem #1 ---
(which bypasses the LILO password). However, scenario #2
would be VERY difficult to get around.
</BLOCKQUOTE>
<BLOCKQUOTE>
The number of system that are actually secured to this
degree is way less than 1%. This is actually a bit of a
pity in some ways, since users don't REALLY know if their
computer workstation, left unattended in their open cubicle
is trustworthy when they sit down at it in the morning and
type their passwords into it. Ultimately this means that
most businesses have somewhat limited accountability ---
they can't definitely assert that a given user was the one
who used a particular account to violate some policy. This
is a limitation of PCs (and most other commonly available
workstations) that has nothing to do with the OS.
</BLOCKQUOTE>
<BLOCKQUOTE>
As I've described, it's possible to lock down a PC running
Linux so that it takes some pretty studly work to get into
them. However, it's pretty rare.
</BLOCKQUOTE>
<BLOCKQUOTE>
Incidentally, the MBR in recent
<A HREF="http://www.debian.org/">Debian</A> Potato releases may
be insecure from scenario #1. There was a feature added
that allows one to bypass CMOS boot restrictions and boot
from floppy by pressing the apropriate key sequence in
the MBR boot loader.
</BLOCKQUOTE>
<BLOCKQUOTE>
This was discussed a couple of weeks ago one the Bugtraq
security mailing list. It is possible to over-ride this
default using options to the Debian install-mbr command.
See its man page for details.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 15 -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 2000, James T. Dennis
<BR>Published in <I>The Linux Gazette</I> Issue 51 March 2000</H5>
<H6 ALIGN="center">HTML transformation by
<A HREF="mailto:star@tuxtops.com">Heather Stern</a> of
Tuxtops, Inc.,
<A HREF="http://www.tuxtops.com/">http://www.tuxtops.com/</A>
</H6>
<P> <hr> <P>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<TABLE WIDTH="95%"><TR VALIGN="center" ALIGN="center">
<TD colspan="2" rowspan="2"><A
HREF="../lg_answer51.html"
><IMG SRC="../../gx/dennis/answernew.gif"
ALT="[ Answer Guy Current Index ]"></A>
<TD colspan="2" rowspan="2"><A
HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answertoc.gif"
ALT="[ Index of Past Answers ]"></A></td>
<TD WIDTH="11%"><A HREF="../lg_answer51.html#greeting"><img
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A></TD>
<TD WIDTH="11%"><A HREF="1.html">1</A></TD>
<TD WIDTH="11%"><A HREF="2.html">2</A></TD>
<TD WIDTH="11%"><A HREF="3.html">3</A></TD>
<TD WIDTH="11%"><A HREF="4.html">5</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="11%"><A HREF="5.html">5</A></TD>
<TD WIDTH="11%"><A HREF="6.html">6</A></TD>
<TD WIDTH="11%"><A HREF="7.html">7</A></TD>
<TD WIDTH="11%"><A HREF="8.html">8</A></TD>
<TD WIDTH="11%"><A HREF="9.html">9</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="10%"><A HREF="10.html">10</A></TD>
<TD WIDTH="10%"><A HREF="11.html">11</A></TD>
<TD WIDTH="10%"><A HREF="12.html">12</A></TD>
<TD WIDTH="10%"><A HREF="13.html">13</A></TD>
<TD WIDTH="11%"><A HREF="14.html">14</A></TD>
<TD WIDTH="11%"><A HREF="15.html">15</A></TD>
<TD WIDTH="11%"><A HREF="16.html">16</A></TD>
<TD WIDTH="11%"><A HREF="17.html">17</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="10%"><A HREF="18.html">18</A></TD>
<TD WIDTH="10%"><A HREF="19.html">19</A></TD>
<TD WIDTH="10%"><A HREF="20.html">20</A></TD>
<TD WIDTH="10%"><A HREF="21.html">21</A></TD>
<TD WIDTH="11%"><A HREF="22.html">22</A></TD>
</TR></TABLE>
</TR><TR VALIGN="center" ALIGN="center">
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<P> <hr> <P>
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<A HREF="../index.html"
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
<A HREF="../../index.html"
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
<A HREF="../lg_bytes51.html"
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
<A HREF="../../faq/index.html"
><IMG SRC="../../gx/dennis/faq.gif"
ALT="[ Linux Gazette FAQ ]"></A>
<A HREF="../lg_tips51.html"
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->
Reference in New Issue View Git Blame Copy Permalink