Date: Thu, 21 Nov 2002 12:30:32 -0500 From: Niels Provos <provos@citi.umich.edu> To: gkshenaut@ucdavis.edu Cc: security@FreeBSD.ORG Subject: Re: Strong Passwords Message-ID: <20021121173032.GC9462@citi.citi.umich.edu> In-Reply-To: <200211191955.gAJJt9Q77865@thistle.bogs.org> References: <AFB399ACC132D511A0F700508B6FC8D201579702@mail.bankofamerica.com> <200211191955.gAJJt9Q77865@thistle.bogs.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 19, 2002 at 11:55:08AM -0800, Greg Shenaut wrote:
> I think the most straightforward way would be to hack your copy of
> /usr/src/usr.bin/passwd/local_passwd.c to enforce whatever you
> want. If you go in there, you will probably also notice that the
> "requirements" of minimum length and not-all-lower-case can be
I added some improvements to OpenBSD's passwd awhile ago.
It allows you to call an external password checking program that
determines if the password's quality is acceptable.
Its configured via login.conf:
passwordcheck path An external program that
checks the quality of the
password. The password is
passed to the program on
stdin. An exit code of 0 indi-
cates that the quality of the
password is sufficient, an ex-
it code of 1 signals that the
password failed the check.
Might be worthwhile porting. The code is very simple.
Niels.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021121173032.GC9462>