(Internet.com)Wireless management on Linux is a bit of a hodge-podge, especially for roaming users. NetworkManager, KWifiManager, and various other utilities that have come and gone all attempt to make managing different network connections easy. NetworkManager and KWifiManager do a pretty good job, though you often have to finick and fuss a fair bit. wicd (pronounced "wicked"), the wireless interface connection daemon, tries to do the job better, so we're going to give it a test drive.

The short story is: On a system with a single supported wireless interface it works very well. I like it better than NetworkManager, which to me is vexing; I always remove it. It's similar to KWifiManager, which I like a lot. Some differences are wicd only creates profiles for wired interfaces, while KWifiManager manages wireless profiles. But KWifiManager requires root privileges to create profiles. KWifiManager seems less picky about interfaces. I tried it on two Thinkpads: an older R32 and a newer T61. The R32 runs Debian Testing, and has an antique, onboard Prism 1 wireless interface. The T61 has the onboard Intel Pro 3945ABG wireless chipset, and runs both Sidux and Kubuntu Hardy Heron. I also have a PC Card Atheros-based wireless G interface.

(ITManagement)Enforcing password security with a multiple-user system can be a hassle — users all too often use inadequate passwords. john-the-ripper (also available via most distros) is a password-cracking tool that enables the identification of vulnerable passwords before someone with nefarious intentions finds the weakness.

The first step is to extract the username/password information from the relevant files, using the provided unshadow tool:

unshadow /etc/passwd /etc/shadow > /tmp/password.db
After that, john has three cracking modes:

Dictionary mode, which tests passwords based on dictionary words. You can use the provided dictionary or provide your own, and there's an option to enable "word mangling" rules.
Incremental mode, which tries all possible character combinations and will obviously take a very, very long time to run. You can change the parameters for this via the config file.

You can run one at a time (in which case, try "single crack" mode first), or run all of them consecutively with

john /tmp/password.db
To show results, use

john --show /tmp/password.db
unshadow will produce a password database only on systems that use /etc/passwd and /etc/shadow for login. For centralized systems, there's a Kerberos5 module available, or the supplied unafs utility extracts Kerberos AFS passwords. There's also a LDAP module
Also remember that you can limit cracking attempts through measures such as locking out specific IP addresses after multiple failed ssh attempts or limiting the number of times a user can get a password wrong when logging on.