[BlueOnyx:06860] Re: Disable Strong Passwords

Richard Morgan richard at morgan-web.co.uk
Fri Apr 1 11:15:30 -05 2011 

My quick dig shows that this question was raised about a year ago - I'd 
already done some looking into it, so I'll repost the same answer (apologies 
as my original answer was posted on a Saturday with a beer in hand).

I've since found that some updates to BX either reset this tweak or prevent 
it completely, but it might be a nudge forwards.

As a by the way, I once had a site compromised caused by user 'stephen' who 
had a password of, yes, the same - the 2Gb hosting space was full of all 
manner of iffy clutter.  This was BQ though, not BX.  I would never want 
simple passwords on a live box - I only tweaked it for my local home/test 
box.

HTH

Richard

--- original post from April 2010 ---

OK, I'll start with a disclaimer... strong password checking is a damn good
thing and the guys or girls that put it together did a mighty fine job at
helping to keep our boxes secure.

However, if for some reason outside the realm of normal mortal thinking it
is necessary to disable it... try the following:

su -
pico /usr/sausalito/ui/web/uifc/check_password.php

There is a line that says:

$password = $_POST["password"];

Directly under it and before the $dictionary... line, add the following to
overwrite the variable with a strong password.  Such as:

$password = "fl1pp1nL0ngP855w0rd";

Exit pico, save and password checking is disabled.  It might get overwritten
during an update so don't be surprised if it suddenly works again.

There's a good little ebook floating around called 'nix_intrusion.pdf'
(Google knows it).  You might want to keep it handy :o)

Hope this helps.

Richard




----- Original Message ----- 
From: "Samuel Lentz" <saml at visuallink.com>
To: "BlueOnyx General Mailing List" <blueonyx at blueonyx.it>
Sent: Friday, April 01, 2011 3:46 PM
Subject: [BlueOnyx:06857] Re: Disable Strong Passwords


> On 04/01/2011 10:17 AM, Chris Gebhardt - VIRTBIZ Internet wrote:
>> Samuel Lentz wrote:
>>> I have done is once before but have forgotten how.
>>>
>>> Dose anyone know the location of the file that needs to be edited to
>>> disable strong passwords for users?
>> Just set everything to "password".  That ought to fix it.  :0
>>
>> Honestly, the strong password requirement has been one of the best
>> implementations on the BlueOnyx project yet.  I know it frustrates the
>> lazy, but it also helps to prevent them from allowing the box to get
>> compromised.
>>
>> Before you keep digging on the how-to, you really need to evaluate -
>> again - do you REALLY want to (because the only responsible answer is
>> that no, you do not.)
>>
> I am all for the strong passwords. I like the strong passwords. It is
> our client that needs the passwords to be week and puney. I did talks
> about it for about an hour that they insist on it.
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list