From owner-freebsd-questions@FreeBSD.ORG Sat Jun 30 18:10:59 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 05E2716A473 for ; Sat, 30 Jun 2007 18:10:59 +0000 (UTC) (envelope-from sonicy@otenet.gr) Received: from rosebud.otenet.gr (rosebud.otenet.gr [195.170.0.94]) by mx1.freebsd.org (Postfix) with ESMTP id 70C0213C448 for ; Sat, 30 Jun 2007 18:10:58 +0000 (UTC) (envelope-from sonicy@otenet.gr) Received: from atlantis.dyndns.org (athedsl-88034.home.otenet.gr [87.203.97.48]) by rosebud.otenet.gr (8.13.8/8.13.8/Debian-3) with ESMTP id l5UIAtFe001160; Sat, 30 Jun 2007 21:10:56 +0300 Message-ID: <46869CAE.4060106@otenet.gr> Date: Sat, 30 Jun 2007 21:10:54 +0300 From: Manolis Kiagias User-Agent: Thunderbird 2.0.0.4 (X11/20070615) MIME-Version: 1.0 To: Patrick Dung References: <105872.23286.qm@web54305.mail.re2.yahoo.com> In-Reply-To: <105872.23286.qm@web54305.mail.re2.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "freebsd-questions@freebsd.org" Subject: Re: password againg and other policy enforcement X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jun 2007 18:10:59 -0000 Patrick Dung wrote: > I have some question about password policy in FreeBSD: > > 1. Administrator can enforce password expire in /etc/login.conf > Is there any tool that can check when the password will expire for the > users? > > 2. Any good way to enforce minimum password length and other > restriction(like password need at least 2 numbers, 2 special char)? > > 3. Any ways to prevent user reuse old password? > > Regards > Patrick > These options have been moved to PAM (Pluggable Authentication Modules). Have a look at /etc/pam.d You will find a file called passwd Edit it and uncomment the line: password requisite pam_passwdqc.so .... Change the options you require per the manual page (man 8 pam_passwdqc) A lot of restrictions can be placed on the password (history, complexity, number of chars / symbols and so on). Manolis