[wplug] Security Policy
Scott Eicher
Scott.Eicher at e-Profile.com
Thu Jun 12 13:30:32 EDT 2003
Thanks for the help and information on this stuff James and Bob.
I'm going to dive into that PAM page and see what I can learn.
Scott
-----Original Message-----
From: James O'Kane [mailto:jo2y at midnightlinux.com]
Sent: Friday, June 06, 2003 1:42 AM
To: WPLUG Mailing List
Subject: Re: [wplug] Security Policy
On Thu, 5 Jun 2003, Bob Schmertz wrote:
> Out of curiosity, why would you want to prevent a user from
> updating his password twice in a short period of time?
If you have a policy that you can't use the last N passwords, then people
will have N+1 passwords that they cycle through one after the other so the
can come back to the original one. It defeats the purpose of the N
password rule. (eg. I used to work somewhere where you couldn't reuse your
last 5 passwords, so someone changed his password to test1, test2,
test3, test4, test5, originalpassword)
As mentioned PAM has a cracklib which does dictionary-like checking.
If nothing is already in PAM to do the other things you need, a module
could be written.
-james
_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug
More information about the wplug
mailing list