| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Jesse, Rich wrote: |
| 5 |
> 1) 30 day lifetime |
| 6 |
> 2) Minimum length of 12 (eep!) |
| 7 |
|
| 8 |
This two is not a problem on every linux box |
| 9 |
|
| 10 |
> 3) No reuse of passwords (keep password history) |
| 11 |
|
| 12 |
In this case i got a problem which app could provide such functionality |
| 13 |
|
| 14 |
> 4) Check password for dictionary and common variants (e.g. username) |
| 15 |
|
| 16 |
Some proxy between passwd and shadow / PAM ? |
| 17 |
|
| 18 |
> 5) Do not use system-generated passwords |
| 19 |
|
| 20 |
Do you follow that example with 30 sign password? |
| 21 |
|
| 22 |
> 6) Teach users to use an algorithm to generate passwords. |
| 23 |
|
| 24 |
User training is very important but even if you prepare good training |
| 25 |
plan not every one would use it. So we have to force them to use our |
| 26 |
policy with 1-5 points from above. |
| 27 |
|
| 28 |
Thank you for good example of logical and usable in theory password |
| 29 |
policy. Now I have to search for implementation of points 3 and 4. |
| 30 |
|
| 31 |
- -- |
| 32 |
Paweł Madej aka Nysander |
| 33 |
Member of QuanTeam | RLU #357047 |
| 34 |
http://wiki.quanteam.info | Gentoo Linux User |
| 35 |
http://forum-farmaceutyczne.org | GPG key: 5861680B |
| 36 |
| keyserver: http://pgp.mit.edu |
| 37 |
Kielce, Poland | UTF-8 Email Preferred |
| 38 |
|
| 39 |
Looking to buy: 6x 73 GB UW3/Ultra160 SCSI 80 pin (SCA) |
| 40 |
..::||::.. pair of PentiumIII Slot1 1GHz/ FSB 100 processors |
| 41 |
..::||::.. 2x 256 MB SDRAM ECC Registered |
| 42 |
Got any of this mail me, with prize and shipping costs. |
| 43 |
-----BEGIN PGP SIGNATURE----- |
| 44 |
Version: GnuPG v1.4.2 (GNU/Linux) |
| 45 |
|
| 46 |
iD8DBQFDzne6gvSMglhhaAsRAusvAJ9R3UcBPHUh9Tc85DqdsCv8r9+iaQCgtECZ |
| 47 |
XJgsLIRswbCHOhfKONgw1CQ= |
| 48 |
=X7bG |
| 49 |
-----END PGP SIGNATURE----- |
| 50 |
-- |
| 51 |
gentoo-server@g.o mailing list |
Archives