Help with an UI for credentials with restrict of 2 dependent fields

I am trying to change credentials UI where a user should insert username & password . The change will include another field called PEM which can be either an upload button or a dropzone. The requirement is that the user need to provide a username and a PEM File OR a Password.

The UI currently looks like so:

enter image description here

Where should I add the dropzone OR upload button?

Ubuntu 18.04.2 – L2TP Vpn do noes not save the edited credentials

If you create a L2TP Client and edit the credentials, the new password is not saved, I made a short video demonstrating this.

I tried with an actual VPN and I always got an authentication error because the password was not saved, the only workaround that I found is to delete the connection and create it again.

Video demo: https://youtu.be/SMvoPZdPg50?t=12

RDP Credentials dialog box takes too long to accept credentials after clicking ‘OK’

We recently deployed Win 10 and when we try to RDP to another Win 10 it takes approx 20-25 seconds for Credentials dialog box to disappear. So again, its the dialog box of credentials that take time to disappear after I hit OK not the connection

Any idea what may be causing this weird behavior ?

enter image description here

Office prompting for credentials when saving document opened in SharePoint

I have a user that can open and edit a document in SharePoint Fine. She then does a “Save AS” and it works. However, if she opens and does the same thing with a second document, she gets an endless prompt for her credentials.

Also, when I open using the “Edit” option in SharePoint, it opens in Excel ok. But when I try to save as, I get the same prompt.

This also happens for me (admin) when opening a document using the edit option. It prompts for my credentials on save.

Why is she able to open in SharePoint and “save as” once OK, but the second time she gets a prompt?

This is for an on-premises installation of SharePoint 2013.

Windows Credential Guard protects credentials but not the remote access with the same credentials?

I wonder what is the real purpose of having credentials protected by Windows Credential Guard (WCG) when it is possible for malicious admin to obtain cached credentials (i.e. the ones not protected by WCG) and request WCG to issue a remote login token, thus effectively having access to some critical remote system as if having “the real” credentials (which are stored in WCG)?

AFAIK while WCG protects credentials (used for PtH and alike), it does not protect the access which can be obtained with these same credentials (e.g. remote login to some system).

Can anyone clarify/explain this ? Thanks

bitcoin-cli could not locate RPC credentials

I’m running a bitcoind 0.16 and it seem working, blockchain in sync etc.. I’ve used the “new” rpcauth, which is non deprecated so kind of referennce as explained here: https://github.com/bitcoin/bitcoin/blob/v0.16.0/contrib/debian/examples/bitcoin.conf. I’ve generated the rpcauth line and the password with ./share/rpcauth/rpcauth.py bob

Copied the rpc line in the ~/.bitcoin/bitcoin.conf file and stored the password elsewhere. The conf file have this [rpc] section:

server=1 rest=1 rpcauth=bob:b2dd077cb54591a2f3139e69a897ac$  4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99 

I run

./src/bitcoin-cli get blockchaininfo -rpcuser={...} -rpcpassword={...} 

The answer is:

error: Could not locate RPC credentials. No authentication cookie could be found, and RPC password is not set.  See -rpcpassword and -stdinrpcpass.  Configuration file: (/home/bitcoin/.bitcoin/bitcoin.conf) 

It’s like the cli can’t read the rpc credentials from the command line. It’s not saying “credentials are wrong”. Also the conf file is the correct one so…

Any clue?

Use flurl proxy with credentials

I want to make Flurl requests through proxy with authorization, but getting Error: Success. If I don’t use proxy, requests works fine. Proxy data is correct, I’ve tested it with curl.

My proxy factory:

  public class ProxyHttpClientFactory : DefaultHttpClientFactory     {         private readonly WebProxy _webProxy;          public ProxyHttpClientFactory(string proxyUrl, int port, string username, string password)         {             var proxyUri = new Uri($  "{proxyUrl}:{port}");             ICredentials credentials = new NetworkCredential(username, password);             _webProxy = new WebProxy(proxyUri, true, null, credentials);         }          public override HttpMessageHandler CreateMessageHandler()         {             return new HttpClientHandler             {                 Proxy = _webProxy,                 UseProxy = true,             };         }     } 

I use it like:

   FlurlHttp.Configure(settings =>             {                     settings.HttpClientFactory =                     new ProxyHttpClientFactory(ProxyUrl, ProxyPort, ProxyUsername, ProxyPassword);             }); 

Error log:

Method: GET, RequestUri: 'https://api.ipify.org/?format=json', Version: 1.1, Content: <null>, Headers: { }  Flurl.Http.FlurlHttpException: Call failed. Error: Success GET https://api.ipify.org/?format=json ---> System.Net.WebException: Error: Success   at System.Net.HttpWebRequest.EndGetResponse (System.IAsyncResult asyncResult) [0x00064] in <bd46d4d4f7964dfa9beea098499ab597>:0    at System.Threading.Tasks.TaskFactory`1[TResult].FromAsyncCoreLogic   ...  Process finished with exit code 0. 

Handle secret/private credentials when using Git?

When using Git and 3rd party vendors for repositories (such a GitHub, GitLab or Bitbucket), is there any way to handle the system’s private API tokens or the database setup configuration? More than having those repos as private, of course.

I’ve seen some SaaS solutions, AWS-based ideas, and even a npm package for that (obviously) called “multi-encrypt”, so I decided to ask which approach(es) would be secure enough if we already have a private repo and want to manage those valuable secret strings.

What kind of damage someone can do if someone knows the proxy server credentials

One of our Wifi is configured to use basic auth with username and password to the proxy server as base64 encoded. The same credentials is used by all the computers connected to the Wifi. Anyone connected to the Wifi can see the credentials using browser developer tools.

What are the security implications of this kind of setup? Can someone do any damage?

Can someone connected to the Wifi bypass the proxy? is there any way to do it?

smb mounts fine when using kbr5 but not explicit credentials

In my company we have been testing out SMB to replace NFS servers. When mounting Windows server shares, everything works as expected. ie:

mount.cifs //windows.domain.com/share /mnt/windows/ -o credentials=/home/ttest/.smb # OR mount.cifs //windows.domain.com/share /mnt/windows/ -o sec=krb5,uid=$  UID,gid=team,cruid=$  UID 

For this test we have a Centos 7.6 server running samba-4.8. Windows machines can mount the share fine, and centos clients can mount it when using the sec=kbr5 option.

The Issue

I cannot figure out why I can’t mount this share with explicit permissions! ie:

mount.cifs //linux.domain.com/share /mnt/share/ -o sec=krb5,uid=$  UID,gid=team,cruid=$  UID # SUCCESS mount.cifs //linux.domain.com/share /mnt/share/ -o credentials=/home/ttest/.smb # FAILS