Date: Mon, 5 Feb 2001 09:51:51 +0200 From: "Niekie Myburgh (QData)" <niekie@rcf.co.za> To: 'Sean Winn' <sean@gothic.net.au> Cc: "'freebsd-hackers@freebsd.org'" <freebsd-hackers@freebsd.org>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: RE: passwd, npasswd, PAM and password ageing Message-ID: <C7F233BFBFFBD211A4370000E220291A1BF336@ntnr2>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] I went through the login.conf man page. Everything there works quite nice (Force change, force upper/lower case etc.), except that I cannot figure out how to stop the user from re-using last month's password. ie. How can I make BSD remeber the passwords that was used during the last 6 changes, and stop the user from using them again. I also need a bit more control on the password side. Our company policy specifies that the password meet at least 3 of the following 4 criteria: lowercase uppercase numbers punctuation (!@#$%^&*()+":>?<) BSD enforces (as far as I can see) only 2 of the four. Any suggestions / sample pam.conf entries will be apreciated. Regards. Niekie > -----Original Message----- > From: Sean Winn [SMTP:sean@gothic.net.au] > Sent: Monday, February 05, 2001 9:33 AM > To: Niekie Myburgh (QData) > Subject: Re: passwd, npasswd, PAM and password ageing > > At 08:19 5/02/01 +0200, you wrote: > > >Can anyone tell me how to get password ageing working on FreeBSD 4.2. I > >have to stop users from re-using their passwords. On Linux, pam_cracklib > > >and pam_passwdqc does the trick, but on BSD, they are just being > >ignored. I tried npassword, but that was made for Solaris & other > >operating systems, and does not compile (easily) on BSD. If you does get > > >it to compile, it does the core dump thing. It also rely on shadow > >passwords, and other things that does not seem to be present on > >FreeBSD. I would appreciate any help I can get in this regard. > > Shadow passwords are standard. They're in /etc/master.passwd > > login.conf (man 5 login.conf) controls password aging and other > facilities. > > > >Thanx. > > > >Niekie [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2652.35"> <TITLE>RE: passwd, npasswd, PAM and password ageing</TITLE> </HEAD> <BODY> <P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">I went through the login.conf man page. Everything there works quite nice (Force change, force upper/lower case etc.), except that I cannot figure out how to stop the user from re-using last month's password. ie. How can I make BSD remeber the passwords that was used during the last 6 changes, and stop the user from using them again. I also need a bit more control on the password side. Our company policy specifies that the password meet at least 3 of the following 4 criteria:</FONT></P> <P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">lowercase</FONT> <BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">uppercase</FONT> <BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">numbers</FONT> <BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">punctuation (!@#$%^&*()+":>?<)</FONT> </P> <P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">BSD enforces (as far as I can see) only 2 of the four. Any suggestions / sample pam.conf entries will be apreciated.</FONT> </P> <BR> <BR> <P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Regards.</FONT> </P> <P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Niekie</FONT> </P> <UL> <P><FONT SIZE=1 FACE="Arial">-----Original Message-----</FONT> <BR><B><FONT SIZE=1 FACE="Arial">From: </FONT></B> <FONT SIZE=1 FACE="Arial">Sean Winn [SMTP:sean@gothic.net.au]</FONT> <BR><B><FONT SIZE=1 FACE="Arial">Sent: </FONT></B> <FONT SIZE=1 FACE="Arial">Monday, February 05, 2001 9:33 AM</FONT> <BR><B><FONT SIZE=1 FACE="Arial">To: </FONT></B> <FONT SIZE=1 FACE="Arial">Niekie Myburgh (QData)</FONT> <BR><B><FONT SIZE=1 FACE="Arial">Subject: </FONT></B> <FONT SIZE=1 FACE="Arial">Re: passwd, npasswd, PAM and password ageing</FONT> </P> <P><FONT SIZE=2 FACE="Arial">At 08:19 5/02/01 +0200, you wrote:</FONT> </P> <P><FONT SIZE=2 FACE="Arial">>Can anyone tell me how to get password ageing working on FreeBSD 4.2. I </FONT> <BR><FONT SIZE=2 FACE="Arial">>have to stop users from re-using their passwords. On Linux, pam_cracklib </FONT> <BR><FONT SIZE=2 FACE="Arial">>and pam_passwdqc does the trick, but on BSD, they are just being </FONT> <BR><FONT SIZE=2 FACE="Arial">>ignored. I tried npassword, but that was made for Solaris & other </FONT> <BR><FONT SIZE=2 FACE="Arial">>operating systems, and does not compile (easily) on BSD. If you does get </FONT> <BR><FONT SIZE=2 FACE="Arial">>it to compile, it does the core dump thing. It also rely on shadow </FONT> <BR><FONT SIZE=2 FACE="Arial">>passwords, and other things that does not seem to be present on </FONT> <BR><FONT SIZE=2 FACE="Arial">>FreeBSD. I would appreciate any help I can get in this regard.</FONT> </P> <P><FONT SIZE=2 FACE="Arial">Shadow passwords are standard. They're in /etc/master.passwd</FONT> </P> <P><FONT SIZE=2 FACE="Arial">login.conf (man 5 login.conf) controls password aging and other facilities.</FONT> </P> <BR> <P><FONT SIZE=2 FACE="Arial">>Thanx.</FONT> <BR><FONT SIZE=2 FACE="Arial">></FONT> <BR><FONT SIZE=2 FACE="Arial">>Niekie</FONT> </P> </UL> </BODY> </HTML>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C7F233BFBFFBD211A4370000E220291A1BF336>