From owner-freebsd-questions@FreeBSD.ORG Sat Jun 30 18:56:55 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4104216A41F for ; Sat, 30 Jun 2007 18:56:55 +0000 (UTC) (envelope-from patrick_dkt@yahoo.com.hk) Received: from web54305.mail.re2.yahoo.com (web54305.mail.re2.yahoo.com [206.190.49.115]) by mx1.freebsd.org (Postfix) with SMTP id E913313C455 for ; Sat, 30 Jun 2007 18:56:54 +0000 (UTC) (envelope-from patrick_dkt@yahoo.com.hk) Received: (qmail 68779 invoked by uid 60001); 30 Jun 2007 18:56:54 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.hk; h=X-YMail-OSG:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=SnWo1WBcIFCKIY8gL+MOsrfMffjirUh8mTBidVNIbL0qNjKECyHb1fYbYnIVO1ryBCf/Rh4SHVgmHINtrZeeewy+qXx0uI5wcf7p87htemIf4oDkFny1k+o+uuHl4o4lQLC7ZTOKhenJ1ygYt9iuzaVVgHBfYmq3Tjsuc2sUqaY=; X-YMail-OSG: NMfpUt4VM1mMognyw3A2BVQ2snWcdzu7v5YcJIxnTcTuR_ffuoYYNmXi.8Yat.wcdZ2pIGEVWFhPHU5q_2QRB9c_G1_NkIonpByFXkdwo.3nMqq6agH4x9s2kefWleYxbKD0ihXC8zu4Bi5NaXenigus6Q-- Received: from [61.15.61.52] by web54305.mail.re2.yahoo.com via HTTP; Sat, 30 Jun 2007 11:56:54 PDT Date: Sat, 30 Jun 2007 11:56:54 -0700 (PDT) From: Patrick Dung To: Manolis Kiagias In-Reply-To: <46869CAE.4060106@otenet.gr> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <139842.68546.qm@web54305.mail.re2.yahoo.com> Cc: "freebsd-questions@freebsd.org" Subject: Re: password againg and other policy enforcement X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jun 2007 18:56:55 -0000 Thanks for reply. pam_passwdqc has feature to enforce min password length, and the combination. Also it can check the similarity with the current and new password. But tools to check when users password will expire is missing. Also it cannot keep password history (password that the user had used). The user can use password A, then user change to password B and then change back to password A... Regards Patrick --- Manolis Kiagias wrote: > Patrick Dung wrote: > > I have some question about password policy in FreeBSD: > > > > 1. Administrator can enforce password expire in /etc/login.conf > > Is there any tool that can check when the password will expire for > the > > users? > > > > 2. Any good way to enforce minimum password length and other > > restriction(like password need at least 2 numbers, 2 special char)? > > > > 3. Any ways to prevent user reuse old password? > > > > Regards > > Patrick > > > These options have been moved to PAM (Pluggable Authentication > Modules). > Have a look at /etc/pam.d > You will find a file called passwd > Edit it and uncomment the line: > > password requisite pam_passwdqc.so .... > > Change the options you require per the manual page > > (man 8 pam_passwdqc) > > A lot of restrictions can be placed on the password (history, > complexity, number of chars / symbols and so on). > > Manolis > > ____________________________________________________________________________________Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. http://tv.yahoo.com/