Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 30 Jun 2007 21:10:54 +0300
From:      Manolis Kiagias <sonicy@otenet.gr>
To:        Patrick Dung <patrick_dkt@yahoo.com.hk>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: password againg and other policy enforcement
Message-ID:  <46869CAE.4060106@otenet.gr>
In-Reply-To: <105872.23286.qm@web54305.mail.re2.yahoo.com>
References:  <105872.23286.qm@web54305.mail.re2.yahoo.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Patrick Dung wrote:
> I have some question about password policy in FreeBSD:
>
> 1. Administrator can enforce password expire in /etc/login.conf
> Is there any tool that can check when the password will expire for the
> users?
>
> 2. Any good way to enforce minimum password length and other
> restriction(like password need at least 2 numbers, 2 special char)?
>
> 3. Any ways to prevent user reuse old password?
>
> Regards
> Patrick
>   
These options have been moved to PAM (Pluggable Authentication Modules).
Have a look at /etc/pam.d
You will find a file called passwd
Edit it and uncomment the line:

password        requisite       pam_passwdqc.so        ....

Change the options you require per the manual page

(man 8 pam_passwdqc)

A lot of restrictions can be placed on the password (history,
complexity, number of chars / symbols and so on).

Manolis




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46869CAE.4060106>