Date: Wed, 4 Mar 1998 15:33:33 -0500 From: Branson Matheson <Branson.Matheson@FergInc.com> To: Graphic Rezidew <rezidew@rezidew.net> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: users and passwords Message-ID: <19980304153333.39829@toth.FergInc.com> In-Reply-To: <34FDB5A7.84B9549C@rezidew.net>; from Graphic Rezidew on Wed, Mar 04, 1998 at 02:12:23PM -0600 References: <34FDB5A7.84B9549C@rezidew.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 04, 1998 at 02:12:23PM -0600, Graphic Rezidew wrote:
> Is there any method by which I can force users to pick secure passwords
> when they execute 'passwd'? (eg. a wrapper that checks for bad passwords
> or a replacement for passwd....)
You have two options that are secure.
1> check out npasswd or passwd+, both compilable and should work
under fbsd. ( I have played with both.. but I opted for the second
suggestion which is ) :
2> Add the cracklib stuff to your passwd program. This will do a
crack like check on the password before allowing crypt to be run.
It works well. Cracklib comes with Crack.
If you do use cracklib.. I also highly suggest that still run crack
fairly regularly. One Sysadmin I know ( one of the co-authors of the
System Admin Handbook ), takes the rulesets that crack finds
passwords with and adds them to cracklib so that they cannot be used
again.
I would not suggest a wrapper.. it has the possiblity of be
subverted. You should be able to find the links for the above
software on www.ugu.com.
- branson
-------------------------------------------------------------------------------
Branson Matheson " If you are falling off of a mountain,
Unix System Administrator You may as well try to fly."
Ferguson Enterprises, Inc. - Delenn, Minbari Ambassador
( $statements = <BRANSON> ) !~ /Corporate Opinion/;
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980304153333.39829>