[WBEL-users] Password changing overnight.

Kirby Bohling kbohling@birddog.com
Mon, 16 Aug 2004 05:06:10 -0500


On Mon, Aug 16, 2004 at 10:38:50AM +0100, Denis Croombs wrote:
> I have a VERY strange problem: some whitebox & Redhat 9.0 systems change their
> ROOT passwords overnight (not very often). This is a real pain; any clues as
> to why it should happen? It has also happened for a normal user as well, but
> that is easier to cope with.
> I am currently helping 1 school with 8+ whitebox systems and 1 Redhat 9.0.
> This has happened 3 times in 3 weeks on the Redhat 9.0 and 4 times on
> Whitebox system over the last 4 weeks.

Denis,

	Uhhh, in 9 years of running Linux, the only time my root
password has ever changed is when I did it, or someone broke into
my machine and had some fun at my expense.

	If there is no remote access, it's still relatively easy to just
reboot into single user mode and change the password.  Unless you
have some odd password expiration setup, someone is changing your
root password.  Have you tried putting it through an MD5 password
cracker?  I know one was posted to Slashdot in the past month or so.

	Are you just using straight up /etc/shadow passwords with
standard file based authentication?  What are the symptoms that lead
you to believe the password has been changed?  (I've had several times
where LDAP problems that timed out acted like a password change.)

	Thanks,
		Kirby
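
One way to tell the two explanations raised above apart (an actual change versus password aging) is to read the last-change and maximum-age fields of /etc/shadow. This is an added example, not part of the original message; the sample entries, the function name `audit_shadow` and the `recent_days` threshold are assumptions made for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample in /etc/shadow format; the hash fields are placeholders.
SAMPLE_SHADOW = """\
root:$1$CONSTRUCTED$placeholder000000000000000:12646:0:99999:7:::
denis:$1$CONSTRUCTED$placeholder111111111111111:12500:0:30:7:::
daemon:*:12400:0:99999:7:::
"""

def _days(field):
    """Shadow numeric fields are day counts; empty means 'not set'."""
    return int(field) if field.strip() else None

def audit_shadow(text, today, recent_days=1):
    """Return one finding dict per account in shadow-format text."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        # name:hash:lastchg:min:max:warn:inactive:expire:reserved
        f = (line.split(":") + [""] * 9)[:9]
        last, max_age = _days(f[2]), _days(f[4])
        # lastchg is stored as days since 1970-01-01.
        changed = EPOCH + timedelta(days=last) if last is not None else None
        # With a max age set, the password must be changed after this date.
        due = changed + timedelta(days=max_age) if changed and max_age is not None else None
        findings.append({
            "user": f[0],
            "has_password": bool(f[1]) and f[1][0] not in "!*",
            "md5_crypt": f[1].startswith("$1$"),
            "last_changed": changed,
            "recently_changed": changed is not None
                and 0 <= (today - changed).days <= recent_days,
            "aged_out": due is not None and today > due,
        })
    return findings

if __name__ == "__main__":
    for r in audit_shadow(SAMPLE_SHADOW, today=date(2004, 8, 16)):
        print(r)
```

A `recently_changed` root entry that nobody admits to points at a real change; an `aged_out` entry points at an expiration setup forcing a new password at login.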