This shows you the differences between two versions of the page.
|
isc:labs:03 [2024/10/21 12:47] florin.stancu [03. [15p] Password Hashing] |
isc:labs:03 [2025/10/20 11:02] (current) florin.stancu [04. [5p] Account Locking] |
||
|---|---|---|---|
| Line 82: | Line 82: | ||
| ==== 03. [15p] Password Hashing ==== | ==== 03. [15p] Password Hashing ==== | ||
| - | Fill in the TODOs in ''gen_hash.py'' to generate a new password hash. Using your super user privileges, manually overwrite the old password of our user. | + | Fill in the TODOs in ''gen_hash.py'' to generate a new password hash. Using your super user privileges, manually overwrite the old password of our ''dani.mocanu'' user. |
| Test if you were successful by trying to log in (''su'') using the new password. | Test if you were successful by trying to log in (''su'') using the new password. | ||
| - | **References:** | + | <note warning> |
| - | * https://python.readthedocs.io/en/stable/library/crypt.html | + | **crypt** was deprecated in PEP 594. See [[https://docs.python.org/3/library/crypt.html|this]] for alternatives. **legacycrypt** works ([[https://docs.python.org/3.10/library/crypt.html|API docs here]]).</note> |
| <solution -hidden> | <solution -hidden> | ||
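Review bot: In the added warning note, the link labelled "this" and the phrase "**legacycrypt** works" do not tell the student what to change in ''gen_hash.py''. Suggest giving the link a descriptive label (for example "the crypt module documentation") and stating the step explicitly: that legacycrypt is installed from PyPI and imported in place of crypt. The added line also closes "</note>" on the same line as its text, while the tip note added further down closes on its own line; use one layout for both.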
| Line 106: | Line 106: | ||
| ==== 04. [5p] Account Locking ==== | ==== 04. [5p] Account Locking ==== | ||
| - | As we want to use a Python script to log in to the user account we worked on so far, you need to delete and lock its password so that password-based authentication is disabled for this user account. | + | As we want to use a Python script to log in to the user account we worked on so far, you need to delete and lock its password so that password-based authentication is disabled for ''dani.mocanu''. |
| **Reference:** | **Reference:** | ||
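Review bot: The new sentence names ''dani.mocanu'' only at its very end, after "the user account we worked on so far" has already referred to it, so the reader gets the description before the name. Suggest naming the account at first mention and using a pronoun afterwards, e.g. "to log in as ''dani.mocanu'', you need to delete and lock its password so that password-based authentication is disabled for this account".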
| Line 133: | Line 133: | ||
| * perform prints from the Python script, | * perform prints from the Python script, | ||
| * do not print anything else. | * do not print anything else. | ||
| + | |||
| + | <note tip> | ||
| + | If you need to debug your //auth.py// script, delete the ''quiet'' parameter from the PAM config. Now, your stdout and stderr are no longer suppressed. | ||
| + | |||
| + | ---- | ||
| + | |||
| + | The PAM module may return different error codes depending on the nature of the error. Use the **errno** tool to check their meaning. | ||
| + | |||
| + | <code bash> | ||
| + | $ apt install errno | ||
| + | $ errno 13 | ||
| + | EACCES 13 Permission denied | ||
| + | </code> | ||
| + | |||
| + | ---- | ||
| + | |||
| + | Remember that ''^?'' sequences (where ''?'' certain upper-case letters) represents a control character. If you get an error that contains such a sequence, take a look at the hexdump. | ||
| + | </note> | ||
| **References:** | **References:** | ||
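Review bot: In the added bash block, "$ apt install errno" is shown at an unprivileged "$" prompt, but package installation needs root, so the line fails as written. Prefix it with sudo or show a root prompt, and confirm the package name on the lab image (on Debian and Ubuntu the errno command is shipped in the moreutils package). The first tip should also tell students to restore the ''quiet'' parameter once debugging is done, since the task above requires that nothing else is printed. In the last paragraph, "(where ''?'' certain upper-case letters) represents a control character" is missing a verb and has a number mismatch; suggest "(where ''?'' is one of certain upper-case letters) represent control characters".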