Changeset View
Changeset View
Standalone View
Standalone View
en_US.ISO8859-1/books/handbook/security/chapter.xml
| Show First 20 Lines • Show All 365 Lines • ▼ Show 20 Lines | |||||
| You can now choose the new password. | You can now choose the new password. | ||||
| A valid password should be a mix of upper and lower case letters, | A valid password should be a mix of upper and lower case letters, | ||||
| digits and other characters. You can use a 12 character long | digits and other characters. You can use a 12 character long | ||||
| password with characters from at least 3 of these 4 classes, or | password with characters from at least 3 of these 4 classes, or | ||||
| a 10 character long password containing characters from all the | a 10 character long password containing characters from all the | ||||
| classes. Characters that form a common pattern are discarded by | classes. Characters that form a common pattern are discarded by | ||||
| the check. | the check. | ||||
| Alternatively, if noone else can see your terminal now, you can | Alternatively, if no one else can see your terminal now, you can | ||||
bcr: That is output from the utility. Is that fixed in there and we did not pick it up yet or did… | |||||
sevanAuthorUnsubmitted Done Inline ActionsAh, good catch, I didn't check the context. It was flagged by igor. sevan: Ah, good catch, I didn't check the context. It was flagged by igor. | |||||
| pick this as your password: "trait-useful&knob". | pick this as your password: "trait-useful&knob". | ||||
| Enter new password:</screen> | Enter new password:</screen> | ||||
| <para>If a password that does not match the policy is entered, | <para>If a password that does not match the policy is entered, | ||||
| it will be rejected with a warning and the user will have an | it will be rejected with a warning and the user will have an | ||||
| opportunity to try again, up to the configured number of | opportunity to try again, up to the configured number of | ||||
| retries.</para> | retries.</para> | ||||
| ▲ Show 20 Lines • Show All 1,739 Lines • ▼ Show 20 Lines | <para><acronym>IPsec</acronym> supports two modes of operation. | ||||
| The first mode, <firstterm>Transport Mode</firstterm>, protects | The first mode, <firstterm>Transport Mode</firstterm>, protects | ||||
| communications between two hosts. The second mode, | communications between two hosts. The second mode, | ||||
| <firstterm>Tunnel Mode</firstterm>, is used to build virtual | <firstterm>Tunnel Mode</firstterm>, is used to build virtual | ||||
| tunnels, commonly known as Virtual Private Networks | tunnels, commonly known as Virtual Private Networks | ||||
| (<acronym>VPN</acronym>s). Consult &man.ipsec.4; for detailed | (<acronym>VPN</acronym>s). Consult &man.ipsec.4; for detailed | ||||
| information on the <acronym>IPsec</acronym> subsystem in | information on the <acronym>IPsec</acronym> subsystem in | ||||
| &os;.</para> | &os;.</para> | ||||
| <para>To add <acronym>IPsec</acronym> support to the kernel, add | <para><acronym>IPsec</acronym> support is enabled by default on &os; 11 and newer. | ||||
bcrUnsubmitted Done Inline ActionsA between &os; and 11 will be good to have. bcr: A between &os; and 11 will be good to have. | |||||
| the following options to the custom kernel configuration file | To add <acronym>IPsec</acronym> support to the kernel of older &os; releases, | ||||
| add the following options to the custom kernel configuration file | |||||
| and rebuild the kernel using the instructions in <xref | and rebuild the kernel using the instructions in <xref | ||||
| linkend="kernelconfig"/>:</para> | linkend="kernelconfig"/>:</para> | ||||
| <indexterm> | <indexterm> | ||||
| <primary>kernel options</primary> | <primary>kernel options</primary> | ||||
| <secondary>IPSEC</secondary> | <secondary>IPSEC</secondary> | ||||
| </indexterm> | </indexterm> | ||||
| ▲ Show 20 Lines • Show All 126 Lines • ▼ Show 20 Lines | round-trip min/avg/max/stddev = 28.106/94.594/154.524/49.814 ms</programlisting> | ||||
| <para>As expected, both sides have the ability to send and | <para>As expected, both sides have the ability to send and | ||||
| receive <acronym>ICMP</acronym> packets from the privately | receive <acronym>ICMP</acronym> packets from the privately | ||||
| configured addresses. Next, both gateways must be told how to | configured addresses. Next, both gateways must be told how to | ||||
| route packets in order to correctly send traffic from either | route packets in order to correctly send traffic from either | ||||
| network. The following commands will achieve this | network. The following commands will achieve this | ||||
| goal:</para> | goal:</para> | ||||
| <screen>&prompt.root; <userinput>corp-net# route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> | <screen>corp-net&prompt.root; <userinput>route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> | ||||
| &prompt.root; <userinput>corp-net# route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> | corp-net&prompt.root; <userinput>route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> | ||||
| &prompt.root; <userinput>priv-net# route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> | priv-net&prompt.root; <userinput>route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> | ||||
| &prompt.root; <userinput>priv-net# route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> | priv-net&prompt.root; <userinput>route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> | ||||
| <para>At this point, internal machines should be reachable from | <para>At this point, internal machines should be reachable from | ||||
| each gateway as well as from machines behind the gateways. | each gateway as well as from machines behind the gateways. | ||||
| Again, use &man.ping.8; to confirm:</para> | Again, use &man.ping.8; to confirm:</para> | ||||
| <programlisting>corp-net# ping 10.0.0.8 | <programlisting>corp-net# ping 10.0.0.8 | ||||
| PING 10.0.0.8 (10.0.0.8): 56 data bytes | PING 10.0.0.8 (10.0.0.8): 56 data bytes | ||||
| 64 bytes from 10.0.0.8: icmp_seq=0 ttl=63 time=92.391 ms | 64 bytes from 10.0.0.8: icmp_seq=0 ttl=63 time=92.391 ms | ||||
| ▲ Show 20 Lines • Show All 1,862 Lines • Show Last 20 Lines | |||||
That is output from the utility. Is that fixed in there and we did not pick it up yet or did they fix it and have not updated this section?