[BlueOnyx:06866] Re: Disable Strong Passwords

Samuel Lentz saml at visuallink.com
Fri Apr 1 12:44:19 -05 2011 

I am going to email a copy of that ebook to my client.

I just want to let you all know I am also against doing this, but it is 
my client that wants it.

Thanks
Sam L.

On 04/01/2011 12:15 PM, Richard Morgan wrote:
> My quick dig shows that this question was raised about a year ago - I'd
> already done some looking into it, so I'll repost the same answer (apologies
> as my original answer was posted on a Saturday with a beer in hand).
>
> I've since found that some updates to BX either reset this tweak or prevent
> it completely, but it might be a nudge forwards.
>
> As a by the way, I once had a site compromised caused by user 'stephen' who
> had a password of, yes, the same - the 2Gb hosting space was full of all
> manner of iffy clutter.  This was BQ though, not BX.  I would never want
> simple passwords on a live box - I only tweaked it for my local home/test
> box.
>
> HTH
>
> Richard
>
> --- original post from April 2010 ---
>
> OK, I'll start with a disclaimer... strong password checking is a damn good
> thing and the guys or girls that put it together did a mighty fine job at
> helping to keep our boxes secure.
>
> However, if for some reason outside the realm of normal mortal thinking it
> is necessary to disable it... try the following:
>
> su -
> pico /usr/sausalito/ui/web/uifc/check_password.php
>
> There is a line that says:
>
> $password = $_POST["password"];
>
> Directly under it and before the $dictionary... line, add the following to
> overwrite the variable with a strong password.  Such as:
>
> $password = "fl1pp1nL0ngP855w0rd";
>
> Exit pico, save and password checking is disabled.  It might get overwritten
> during an update so don't be surprised if it suddenly works again.
>
> There's a good little ebook floating around called 'nix_intrusion.pdf'
> (Google knows it).  You might want to keep it handy :o)
>
> Hope this helps.
>
> Richard
>
>
>
>
> ----- Original Message -----
> From: "Samuel Lentz"<saml at visuallink.com>
> To: "BlueOnyx General Mailing List"<blueonyx at blueonyx.it>
> Sent: Friday, April 01, 2011 3:46 PM
> Subject: [BlueOnyx:06857] Re: Disable Strong Passwords
>
>
>> On 04/01/2011 10:17 AM, Chris Gebhardt - VIRTBIZ Internet wrote:
>>> Samuel Lentz wrote:
>>>> I have done is once before but have forgotten how.
>>>>
>>>> Dose anyone know the location of the file that needs to be edited to
>>>> disable strong passwords for users?
>>> Just set everything to "password".  That ought to fix it.  :0
>>>
>>> Honestly, the strong password requirement has been one of the best
>>> implementations on the BlueOnyx project yet.  I know it frustrates the
>>> lazy, but it also helps to prevent them from allowing the box to get
>>> compromised.
>>>
>>> Before you keep digging on the how-to, you really need to evaluate -
>>> again - do you REALLY want to (because the only responsible answer is
>>> that no, you do not.)
>>>
>> I am all for the strong passwords. I like the strong passwords. It is
>> our client that needs the passwords to be week and puney. I did talks
>> about it for about an hour that they insist on it.
>>
>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at blueonyx.it
>> http://www.blueonyx.it/mailman/listinfo/blueonyx
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list