I INF 306 Lecture Notes - Lecture 4: Passwd, Rainbow Table, Umask

Identification and authentication and authorization and access control. User provisioning: name/uid, groupship, shell, default group, full membership, /etc/shells, restricted shells, homedirs, quotas, changing file owner/group, retiring accounts. Best practices: never use auto-login, don"t provide user list, on failure, don"t identify what went wrong, don"t lock out users indefinitely, watch (and limit) across all vectors of connection. Not for normal use: administrator/root, the highlander of accounts, restrict root logins, there"s nothing wrong renaming this account, service accounts, used for running daemons/services. Start as root but then discard extra privilege: nobody, generic (guest) accounts. Local accounts: /etc/passwd, name:password:uid:gid:gecos:homedir:shell, general electric comprehensive operating system, name:password:lastchg:min:max:warn:inactive:expire:flag, group_name:password:gid:user_list. Unix/linux tools to get user/account information: /etc/shadow, /etc/group, w,who,whodo, logname, groups, newgrp, id, shell variables, , , , . Ms windows user/account information: windows management instrumentation command-line, wmic useraccount list brief, net, net account, net user. Account centralization: nis, once known as yp, rpc based, ldap (rfc4511, x. 500 ( iso 9594-n , dn & oid.