en_US.ISO8859-1/books/handbook/security/chapter.xml
Show First 20 Lines • Show All 365 Lines • ▼ Show 20 Lines | |||||
You can now choose the new password. | You can now choose the new password. | ||||
A valid password should be a mix of upper and lower case letters, | A valid password should be a mix of upper and lower case letters, | ||||
digits and other characters. You can use a 12 character long | digits and other characters. You can use a 12 character long | ||||
password with characters from at least 3 of these 4 classes, or | password with characters from at least 3 of these 4 classes, or | ||||
a 10 character long password containing characters from all the | a 10 character long password containing characters from all the | ||||
classes. Characters that form a common pattern are discarded by | classes. Characters that form a common pattern are discarded by | ||||
the check. | the check. | ||||
Alternatively, if noone else can see your terminal now, you can | Alternatively, if no one else can see your terminal now, you can | ||||
bcr: That is output from the utility. Is that fixed in there and we did not pick it up yet or did… | |||||
sevan: Ah, good catch, I didn't check the context. It was flagged by igor.
pick this as your password: "trait-useful&knob". | pick this as your password: "trait-useful&knob". | ||||
Enter new password:</screen> | Enter new password:</screen> | ||||
<para>If a password that does not match the policy is entered, | <para>If a password that does not match the policy is entered, | ||||
it will be rejected with a warning and the user will have an | it will be rejected with a warning and the user will have an | ||||
opportunity to try again, up to the configured number of | opportunity to try again, up to the configured number of | ||||
retries.</para> | retries.</para> | ||||
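Review bot: the corrected line ("if no one else can see your terminal now") sits inside the <screen> block that ends with "Enter new password:", so it is quoted program output rather than handbook prose. Check the string the utility actually prints before changing it here; if the utility still prints "noone", keep the quote verbatim and get the spelling fixed in the utility first.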
▲ Show 20 Lines • Show All 1,739 Lines • ▼ Show 20 Lines | <para><acronym>IPsec</acronym> supports two modes of operation. | ||||
The first mode, <firstterm>Transport Mode</firstterm>, protects | The first mode, <firstterm>Transport Mode</firstterm>, protects | ||||
communications between two hosts. The second mode, | communications between two hosts. The second mode, | ||||
<firstterm>Tunnel Mode</firstterm>, is used to build virtual | <firstterm>Tunnel Mode</firstterm>, is used to build virtual | ||||
tunnels, commonly known as Virtual Private Networks | tunnels, commonly known as Virtual Private Networks | ||||
(<acronym>VPN</acronym>s). Consult &man.ipsec.4; for detailed | (<acronym>VPN</acronym>s). Consult &man.ipsec.4; for detailed | ||||
information on the <acronym>IPsec</acronym> subsystem in | information on the <acronym>IPsec</acronym> subsystem in | ||||
&os;.</para> | &os;.</para> | ||||
<para>To add <acronym>IPsec</acronym> support to the kernel, add | <para><acronym>IPsec</acronym> support is enabled by default on &os; 11 and newer. | ||||
bcr: A between &os; and 11 will be good to have.
the following options to the custom kernel configuration file | To add <acronym>IPsec</acronym> support to the kernel of older &os; releases, | ||||
add the following options to the custom kernel configuration file | |||||
and rebuild the kernel using the instructions in <xref | and rebuild the kernel using the instructions in <xref | ||||
linkend="kernelconfig"/>:</para> | linkend="kernelconfig"/>:</para> | ||||
<indexterm> | <indexterm> | ||||
<primary>kernel options</primary> | <primary>kernel options</primary> | ||||
<secondary>IPSEC</secondary> | <secondary>IPSEC</secondary> | ||||
</indexterm> | </indexterm> | ||||
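Review bot: the new opening line of the <para> ("... support is enabled by default on &os; 11 and newer.") runs well past the wrap width the surrounding lines keep, so rewrap it. Join the entity and the release number as "&os;&nbsp;11" so the number cannot wrap away from the name, and consider giving the enabled-by-default statement its own <para> so that the kernel options and the <indexterm> that follow clearly apply to older releases only.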
▲ Show 20 Lines • Show All 126 Lines • ▼ Show 20 Lines | round-trip min/avg/max/stddev = 28.106/94.594/154.524/49.814 ms</programlisting> | ||||
<para>As expected, both sides have the ability to send and | <para>As expected, both sides have the ability to send and | ||||
receive <acronym>ICMP</acronym> packets from the privately | receive <acronym>ICMP</acronym> packets from the privately | ||||
configured addresses. Next, both gateways must be told how to | configured addresses. Next, both gateways must be told how to | ||||
route packets in order to correctly send traffic from either | route packets in order to correctly send traffic from either | ||||
network. The following commands will achieve this | network. The following commands will achieve this | ||||
goal:</para> | goal:</para> | ||||
<screen>&prompt.root; <userinput>corp-net# route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> | <screen>corp-net&prompt.root; <userinput>route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> | ||||
&prompt.root; <userinput>corp-net# route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> | corp-net&prompt.root; <userinput>route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> | ||||
&prompt.root; <userinput>priv-net# route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> | priv-net&prompt.root; <userinput>route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> | ||||
&prompt.root; <userinput>priv-net# route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> | priv-net&prompt.root; <userinput>route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> | ||||
<para>At this point, internal machines should be reachable from | <para>At this point, internal machines should be reachable from | ||||
each gateway as well as from machines behind the gateways. | each gateway as well as from machines behind the gateways. | ||||
Again, use &man.ping.8; to confirm:</para> | Again, use &man.ping.8; to confirm:</para> | ||||
<programlisting>corp-net# ping 10.0.0.8 | <programlisting>corp-net# ping 10.0.0.8 | ||||
PING 10.0.0.8 (10.0.0.8): 56 data bytes | PING 10.0.0.8 (10.0.0.8): 56 data bytes | ||||
64 bytes from 10.0.0.8: icmp_seq=0 ttl=63 time=92.391 ms | 64 bytes from 10.0.0.8: icmp_seq=0 ttl=63 time=92.391 ms | ||||
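Review bot: the second and fourth lines of the <screen> ("route add net 10.0.0.0: gateway 10.0.0.5" and "route add host 10.246.38.0: gateway 10.246.38.1") look like the confirmation that route prints after an add rather than commands to type, yet they still carry a prompt and <userinput>. Moving the hostname in front of &prompt.root; matches the "corp-net# ping" listing below, but while these lines are being touched, mark the responses as output (no prompt, no <userinput>) and limit <replaceable> to the addresses and netmask instead of the whole argument list.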
That is output from the utility. Is that fixed in there and we did not pick it up yet or did they fix it and have not updated this section?