Koozali.org: home of the SME Server

Secure Password - Disable the "Good password setting"

stuartornum

« on: August 02, 2006, 05:33:58 PM »
Hi,

I'm trying to disable the good password setting in SME 7 for new users.

The one where you have to have lower case and upper case and numeric and something non-alphanumeric.

Basically, I want to allow passwords like "123456" or "frank", instead of say "6TH7ha-p"

Any help would be great.

Thanks

stuartornum

« Reply #2 on: August 02, 2006, 05:58:16 PM »
Thanks for the quick response,

I have read the FAQs and the messages on Sourceforge and I need to put the command:

config setprop passwordstrength Users normal
and
config setprop passwordstrength Ibays normal

Somewhere...

Where do I do this command? Sorry I am very new to SME, but so far this is the only issue I have in setting up.

One comment, I didn't seem to find a DNS server, i.e. BIND, on SME?

This isn't a problem, I installed it in the command line and all is working; maybe an add-on later. Apart from that, SME Server 7 is just super, and much faster than BlueQuartz.

Thanks again

gelcube

« Reply #3 on: August 02, 2006, 06:29:18 PM »
Quote from: "stuartornum"

I have read the FAQs and the messages on Sourceforge and I need to put the command:

config setprop passwordstrength Users normal
and
config setprop passwordstrength Ibays normal

Somewhere...


You put this command on the command line. Log in to the console as root, and input them from there.

Quote from: "stuartornum"

One comment, I didn't seem to find a DNS server, i.e. BIND, on SME?

This isn't a problem, I installed it in the command line and all is working; maybe an add-on later. Apart from that, SME Server 7 is just super, and much faster than BlueQuartz.


You'll want to remove that, as SME has the perfectly capable dnscache and Tinydns running.  You can configure the dns in the "hostname and addresses" panel in the server manager.

stuartornum

« Reply #4 on: August 02, 2006, 10:00:37 PM »
Hi again,

Right, I have managed to get onto the console via /sbin/e-smith, however I'm not sure what option to go into to insert the command:

config setprop passwordstrength Users normal

I think I may be going wrong somewhere.

As for the DNS, does that mean it makes all the MX, A, NX and SOA stuff all for you?

Also, one last question (sorry): the remote management access rights. At the moment it seems I can only allow networks that I specify, so what if I'm on a network I haven't specified and I want access to it?

In other words, can I open remote management up to the entire internet for possible access?


Thanks Again

grattman

« Reply #5 on: August 03, 2006, 01:45:27 PM »
I am unclear on your console issue. Are you using something like PuTTY to access the server? If so, once you have logged in as root (you must be root in order to do this) you would type that command line at the prompt and it will have updated the password checker.

Here is a tutorial on accessing the server remotely: http://no.longer.valid/phpwiki/index.php/Remote%20Access

In gaining access to your server, I will be chastised for telling you how to do this, but sometimes it is a necessary evil. Let me preface this by saying that taking the password level down and then opening your server up to the world is not a good idea.

After you login to Server-Manager, under Security --> Remote Access, there will be a section called Remote Management. In order to gain access from "anywhere" you need to enter 0.0.0.0 for both the Network and the Subnet. This will allow access to your server from anywhere.

Then, under Secure Shell Settings, HEED THE WARNING:
"You can control Secure Shell access to your server. The public setting should only be enabled by experienced administrators for remote problem diagnosis and resolution. We recommend leaving this parameter set to "No Access" unless you have a specific reason to do otherwise."

If you choose to proceed, the three selections have to be like this:
Secure shell access: Allow public access (entire Internet)
Allow administrative command line access over secure shell: Yes
Allow secure shell access using standard passwords: No

It is recommended that you get the "User Remote Access" rpm to allow a user SUDO, but at this moment I am unable to locate it.

Hope this helps,
Brian
...
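
An added example, not part of any post in this thread and not SME Server code: a read-only root-shell check for the combination discussed above (lowered password strength, remote management open to 0.0.0.0/0.0.0.0, public SSH that still accepts passwords). `config getprop` and the `sshd` and `httpd-admin` property names are assumptions about the SME configuration database; only `config setprop passwordstrength` appears in the thread.

```sh
#!/bin/sh
# Added example: read-only audit of the settings this thread changes.
# Assumptions: `config getprop <key> <prop>` reads what `config setprop`
# writes, and the sshd / httpd-admin property names below match the
# SME configuration database.

prop() { config getprop "$1" "$2" 2>/dev/null; }

audit_sme() {
    # 1. Password strength for user accounts and ibays.
    for target in Users Ibays; do
        level=$(prop passwordstrength "$target")
        [ "$level" = "strong" ] ||
            echo "WEAK-PASSWORDS passwordstrength/$target=${level:-unset}"
    done

    # 2. Remote management reachable from every network (0.0.0.0/0.0.0.0).
    case ",$(prop httpd-admin ValidFrom)," in
        *,0.0.0.0/0.0.0.0,*)
            echo "OPEN-MANAGER remote management allows 0.0.0.0/0.0.0.0" ;;
    esac

    # 3. Public SSH is only acceptable with password logins disabled,
    #    which is the setting recommended in the post above.
    if [ "$(prop sshd access)" = "public" ] &&
       [ "$(prop sshd PasswordAuthentication)" != "no" ]; then
        echo "SSH-PASSWORDS public sshd accepts password logins"
    fi
}

# Run only where the SME `config` command exists.
if command -v config >/dev/null 2>&1; then
    audit_sme
fi
```

Each output line is one finding; no output means all three checks passed.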

stuartornum

« Reply #6 on: August 03, 2006, 02:31:43 PM »
Brian,

That helped solve the problem completely.

As for the console, I thought it meant the file /sbin/e-smith. i.e. SME's own console, not just the basic console when you turn the machine on and login as root.

Also, just so you aren't chastised, I was more than able to completely configure the server using the server manager, just a few things I haven't seen before, i.e. sometimes *.*.*.* means allow all, and so on, so the syntax was slightly different this time....

Thanks again

calisun

« Reply #7 on: August 03, 2006, 06:06:00 PM »
You changed your password setting to allow weak passwords and you changed your access to allow all, YOU WILL BE HACKED!
You have bypassed security measures on SME server, and if you get hacked, don't come crying back here. You are doing this at your own risk.
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

grattman

« Reply #8 on: August 04, 2006, 01:39:04 PM »
calisun,

People come here looking for solutions, not taunts. Please try to be more helpful in the future.

Lowering the setting is not all that catastrophic if you implement a strong password scheme to begin with. I do this, and I also do not allow users to change their passwords when and how they like. Every six months they provide me with a new password. If it doesn't fly I kick it back. However, when your boss says "I want this password", you pick your battles, lower the setting and set his up however they like. Then I return the settings to strong.

On a learning note, I did learn, or at least I don't know the proper way to change a password command line, that if on SME 7.0 Final, you set someone up with a strong password and then try to change it via command line (passwd username) it will happily change the password, but access to ibays and email is voided.

Brian
...

calisun

« Reply #9 on: August 04, 2006, 07:28:48 PM »
grattman,
stuartornum needs to understand what he is doing. He lowered password checking so he can use passwords "123456" or "frank", instead of say "6TH7ha-p". And he allowed access from all.
Even if he has no files that he needs to keep private, hackers can use his server for a spam bot, or DOS attacks, or they can use his server to attack other servers, like FBI or CIA servers, and he is the one who is going to be in trouble, not the hackers.
He should read all the posts that developers have posted in the forums over the years. Their main concern is security, and he is by-passing security measures that developers put there for a reason.

And my post was not a taunt but a reality. Many times developers said that if you change standard settings, you are doing this at your own risk.

grattman

« Reply #10 on: August 04, 2006, 07:35:37 PM »
Quote from: "calisun"
You have bypassed security measures on SME server, and if you get hacked, don't come crying back here.

I understand your point and it's not that I disagree with it. But the above comment does not exactly support "community", nor does it motivate the novice SME user to ask questions.
...

calisun

« Reply #11 on: August 04, 2006, 07:47:14 PM »
Fair enough

REWRITE:

You changed your password setting to allow weak passwords and you changed your access to allow all, YOU WILL BE HACKED!
You have bypassed security measures on SME server, which is against recommendations of SME developers. Understand that you are doing this at your own risk.

stuartornum

« Reply #12 on: August 06, 2006, 04:22:06 PM »
Calisun and grattman, I have taken on board what you have said and have not changed the security settings.

Thanks again