From owner-freebsd-questions@FreeBSD.ORG  Sat Jun 30 18:10:59 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 05E2716A473
	for <freebsd-questions@freebsd.org>;
	Sat, 30 Jun 2007 18:10:59 +0000 (UTC)
	(envelope-from sonicy@otenet.gr)
Received: from rosebud.otenet.gr (rosebud.otenet.gr [195.170.0.94])
	by mx1.freebsd.org (Postfix) with ESMTP id 70C0213C448
	for <freebsd-questions@freebsd.org>;
	Sat, 30 Jun 2007 18:10:58 +0000 (UTC)
	(envelope-from sonicy@otenet.gr)
Received: from atlantis.dyndns.org (athedsl-88034.home.otenet.gr
	[87.203.97.48])
	by rosebud.otenet.gr (8.13.8/8.13.8/Debian-3) with ESMTP id
	l5UIAtFe001160; Sat, 30 Jun 2007 21:10:56 +0300
Message-ID: <46869CAE.4060106@otenet.gr>
Date: Sat, 30 Jun 2007 21:10:54 +0300
From: Manolis Kiagias <sonicy@otenet.gr>
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: Patrick Dung <patrick_dkt@yahoo.com.hk>
References: <105872.23286.qm@web54305.mail.re2.yahoo.com>
In-Reply-To: <105872.23286.qm@web54305.mail.re2.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: password againg and other policy enforcement
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jun 2007 18:10:59 -0000

Patrick Dung wrote:
> I have some question about password policy in FreeBSD:
>
> 1. Administrator can enforce password expire in /etc/login.conf
> Is there any tool that can check when the password will expire for the
> users?
>
> 2. Any good way to enforce minimum password length and other
> restriction(like password need at least 2 numbers, 2 special char)?
>
> 3. Any ways to prevent user reuse old password?
>
> Regards
> Patrick
>   
These options have been moved to PAM (Pluggable Authentication Modules).
Have a look at /etc/pam.d
You will find a file called passwd
Edit it and uncomment the line:

password        requisite       pam_passwdqc.so        ....

Change the options you require per the manual page

(man 8 pam_passwdqc)

A lot of restrictions can be placed on the password (history,
complexity, number of chars / symbols and so on).

Manolis