From owner-freebsd-questions Sun Feb 4 23:51:28 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailsweeper.qdc-ec.co.za (gauntlet.mccarthy.co.za [196.26.24.1]) by hub.freebsd.org (Postfix) with ESMTP id E725F37B401; Sun, 4 Feb 2001 23:50:55 -0800 (PST) Received: from ntzn2.rainbow.co.za (unverified) by mailsweeper.qdc-ec.co.za (Content Technologies SMTPRS 4.1.5) with ESMTP id ; Mon, 5 Feb 2001 09:54:13 +0200 Received: by ntzn2-ip2.rainbow.co.za with Internet Mail Service (5.5.2650.21) id <11L62132>; Mon, 5 Feb 2001 09:47:48 +0200 Message-ID: From: "Niekie Myburgh (QData)" To: 'Sean Winn' Cc: "'freebsd-hackers@freebsd.org'" , "'freebsd-questions@freebsd.org'" Subject: RE: passwd, npasswd, PAM and password ageing Date: Mon, 5 Feb 2001 09:51:51 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C08F48.80383B40" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C08F48.80383B40 Content-Type: text/plain I went through the login.conf man page. Everything there works quite nice (Force change, force upper/lower case etc.), except that I cannot figure out how to stop the user from re-using last month's password. ie. How can I make BSD remeber the passwords that was used during the last 6 changes, and stop the user from using them again. I also need a bit more control on the password side. Our company policy specifies that the password meet at least 3 of the following 4 criteria: lowercase uppercase numbers punctuation (!@#$%^&*()+":>?<) BSD enforces (as far as I can see) only 2 of the four. Any suggestions / sample pam.conf entries will be apreciated. Regards. Niekie > -----Original Message----- > From: Sean Winn [SMTP:sean@gothic.net.au] > Sent: Monday, February 05, 2001 9:33 AM > To: Niekie Myburgh (QData) > Subject: Re: passwd, npasswd, PAM and password ageing > > At 08:19 5/02/01 +0200, you wrote: > > >Can anyone tell me how to get password ageing working on FreeBSD 4.2. I > >have to stop users from re-using their passwords. On Linux, pam_cracklib > > >and pam_passwdqc does the trick, but on BSD, they are just being > >ignored. I tried npassword, but that was made for Solaris & other > >operating systems, and does not compile (easily) on BSD. If you does get > > >it to compile, it does the core dump thing. It also rely on shadow > >passwords, and other things that does not seem to be present on > >FreeBSD. I would appreciate any help I can get in this regard. > > Shadow passwords are standard. They're in /etc/master.passwd > > login.conf (man 5 login.conf) controls password aging and other > facilities. > > > >Thanx. > > > >Niekie ------_=_NextPart_001_01C08F48.80383B40 Content-Type: text/html Content-Transfer-Encoding: quoted-printable RE: passwd, npasswd, PAM and password ageing

I went through the = login.conf man page.  Everything there works quite nice (Force = change, force upper/lower case etc.), except that I cannot figure out = how to stop the user from re-using last month's password.  ie. How = can I make BSD remeber the passwords that was used during the last 6 = changes, and stop the user from using them again.  I also need a = bit more control on the password side.  Our company policy = specifies that the password meet at least 3 of the following 4 = criteria:

lowercase
uppercase
numbers
punctuation = (!@#$%^&*()+":>?<)

BSD enforces (as far = as I can see) only 2 of the four.  Any suggestions / sample = pam.conf entries will be apreciated.



Regards.

Niekie

    -----Original Message-----
    From:   Sean Winn [SMTP:sean@gothic.net.au]
    Sent:   Monday, February 05, 2001 9:33 AM
    To:     Niekie Myburgh (QData)
    Subject:       = Re: passwd, npasswd, PAM and = password ageing

    At 08:19  5/02/01 +0200, you = wrote:

    >Can anyone tell me how to get = password ageing working on FreeBSD 4.2.  I
    >have to stop users from re-using = their passwords.  On Linux, pam_cracklib
    >and pam_passwdqc does the trick, = but on BSD, they are just being
    >ignored.  I tried npassword, = but that was made for Solaris & other
    >operating systems, and does not = compile (easily) on BSD.  If you does get
    >it to compile, it does the core = dump thing.  It also rely on shadow
    >passwords, and other things that = does not seem to be present on
    >FreeBSD.  I would appreciate = any help I can get in this regard.

    Shadow passwords are standard. They're = in /etc/master.passwd

    login.conf (man 5 login.conf) controls = password aging and other facilities.


    >Thanx.
    >
    >Niekie

------_=_NextPart_001_01C08F48.80383B40-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message