[wplug] Security Policy
James O'Kane
jo2y at midnightlinux.com
Fri Jun 6 01:41:32 EDT 2003
On Thu, 5 Jun 2003, Bob Schmertz wrote:
> Out of curiosity, why would you want to prevent a user from
> updating his password twice in a short period of time?
If you have a policy that you can't use the last N passwords, then people
will have N+1 passwords that they cycle through one after the other so the
can come back to the original one. It defeats the purpose of the N
password rule. (eg. I used to work somewhere where you couldn't reuse your
last 5 passwords, so someone changed his password to test1, test2,
test3, test4, test5, originalpassword)
As mentioned PAM has a cracklib which does dictionary-like checking.
If nothing is already in PAM to do the other things you need, a module
could be written.
-james
More information about the wplug
mailing list