Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Passwords

from [George Theall] Network Security [Permanent Link]
Subject: Re: Passwords
Date: Tue, 31 Aug 2004 13:10:47 -0400 
On Tue, Aug 31, 2004 at 11:21:56AM -0500, peter.hachmeister@cunamutual.com 
wrote:


Is there a way to change the password for a user?


Not really - passwords are stored in a file within the user's auth
directory within the Nessus user base.  The file is named 'hash' if
it's stored as an MD5 hash or 'password' if it's plaintext.


I would like to set it
up so people can manage their own passwords.


It would be fairly straightforward to write a script to do this provided
all your users have shell access on the Nessus server.  Look at
nessus-adduser to see how it's done when saving the password initially. 

Alternatively, have you considered setting users up to authenticate with
certificates? This would enable them to change their passwords (pass
phrases) by themselves using OpenSSL on whichever platform it's
available (eg, *nix, MacOS, Windows). 

George
-- 
theall@tifaware.com

Attachment: pgpWZuPVEJkxB.pgp
Description: PGP signature

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Passwords, peter . hachmeister
    • Re: Passwords, George Theall <=
Previous by Date:  Passwords, peter . hachmeister
Next by Date:  Re: Nessus user passwords, George Theall
Previous by Thread:  Passwords, peter . hachmeister
Next by Thread:  HTML Graph Reports..., Vaccare, Anthony
Indexes:  [Date] [Thread] [Top] [All Lists]