116 Chapter 6. Managing User Accounts and Resource Access

• The new user never receives any email — it all goes to the original user.
• The original user suddenly stops receiving any email — it all goes to the new user.

6.1.2. Passwords

If the username provides an answer to the question, "who are you?", the password is the response to the demand that inevitably follows:

"Prove it!"

In more formal terms, a password provides a means of proving the authenticity of a person's claim to be the user indicated by the username. The effectiveness of a password-based authentication scheme relies heavily on several aspects of the password:

• The secrecy of the password
• The resistance of the password to guessing
• The resistance of the password to a brute-force attack

Passwords that adequately address these issues are said to be strong, while those that fail to address one or more of these issues are said to be weak. Creating strong passwords is important for the security of the organization, as strong passwords are less likely to be discovered or guessed. There are two options available to enforce the use of strong passwords:

• The system administrator can create passwords for all users.
• The system administrator can let the users create their own passwords, while verifying that the passwords are acceptably strong.

Creating passwords for all users ensures that the passwords are strong, but it becomes a daunting task as the organization grows. It also increases the risk of users writing their passwords down.

For these reasons, most system administrators prefer to have their users create their own passwords. However, a good system administrator takes steps to verify that the passwords are strong.

For guidelines on creating strong passwords, see the chapter titled Workstation Security in the Red Hat Enterprise Linux Security Guide.

The need for passwords to be kept secret should be an ingrained part of every system administrator's mindset. However, this point is often lost on many users. In fact, many users do not even understand the difference between usernames and passwords. Given this unfortunate fact of life, it is vital that some amount of user education be undertaken, so that your users understand that their password should be kept as secret as their paycheck.

Passwords should be as difficult as possible to guess. A strong password is one that an attacker would not be able to guess, even if the attacker knew the user well.

A brute-force attack on a password entails methodically trying (usually via a program known as a password-cracker) every possible combination of characters in the hopes that the correct password will eventually be found. A strong password should be constructed in such a way as to make the number of potential passwords that must be tested very large, forcing the attacker to take a long time searching for the password.

Strong and weak passwords are explored in more detail in the following sections.
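
The following is an added example, not part of the original guide: one way an administrator could verify user-chosen passwords against the guessing and brute-force criteria described above. The threshold, the guess rate, the function names and the sample accounts are assumptions made for illustration.

```python
import math
import string

# Assumed policy values (not from the guide); tune them for your site.
MIN_KEYSPACE_BITS = 60      # minimum log2(number of candidate passwords)
GUESSES_PER_SECOND = 1e9    # assumed attacker speed, used only for the estimate
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def keyspace_bits(password):
    """log2 of the number of same-length passwords over the character classes used."""
    # Characters outside the four ASCII classes are not counted (conservative).
    alphabet = sum(len(c) for c in CHAR_CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def guessable_tokens(password, username, personal_info=()):
    """Return personal tokens that appear, forwards or reversed, in the password."""
    lowered = password.lower()
    hits = []
    for token in [username, *personal_info]:
        t = token.lower()
        if len(t) >= 3 and (t in lowered or t[::-1] in lowered):
            hits.append(token)
    return hits


def check_password(password, username, personal_info=()):
    """Return the reasons a password is weak; an empty list means acceptable."""
    problems = []
    hits = guessable_tokens(password, username, personal_info)
    if hits:
        problems.append("guessable: contains " + ", ".join(hits))
    bits = keyspace_bits(password)
    if bits < MIN_KEYSPACE_BITS:
        years = 2 ** bits / GUESSES_PER_SECOND / (3600 * 24 * 365)
        problems.append(f"brute force: {bits:.0f}-bit search space, "
                        f"about {years:.2g} years at the assumed guess rate")
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    info = ["Rex", "1984"]
    for pw in ("rex1984", "htimsj!Q9x", "t1Te-Bf,te&9zq"):
        result = check_password(pw, "jsmith", info)
        print(pw, "->", result or "acceptable")
```

The search-space figure is an upper bound on the attacker's work: it assumes every character is chosen at random, so a password that passes can still be weak if it follows a predictable pattern.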