-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jesse, Rich wrote:
> 1) 30 day lifetime
> 2) Minimum length of 12 (eep!)

These two are not a problem on every Linux box.

> 3) No reuse of passwords (keep password history)

In this case I got a problem: which app could provide such functionality?

> 4) Check password for dictionary and common variants (e.g. username)

Some proxy between passwd and shadow / PAM?

> 5) Do not use system-generated passwords

Do you follow that example with 30 sign password?

> 6) Teach users to use an algorithm to generate passwords.

User training is very important, but even if you prepare a good training
plan, not everyone would use it. So we have to force them to use our
policy with points 1-5 from above.

Thank you for a good example of a logical and usable-in-theory password
policy. Now I have to search for an implementation of points 3 and 4.

- --
Paweł Madej aka Nysander
Member of QuanTeam | RLU #357047
http://wiki.quanteam.info | Gentoo Linux User
http://forum-farmaceutyczne.org | GPG key: 5861680B
| keyserver: http://pgp.mit.edu
Kielce, Poland | UTF-8 Email Preferred

Looking to buy: 6x 73 GB UW3/Ultra160 SCSI 80 pin (SCA)
..::||::.. pair of PentiumIII Slot1 1GHz/ FSB 100 processors
..::||::.. 2x 256 MB SDRAM ECC Registered
Got any of this? Mail me, with price and shipping costs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDzne6gvSMglhhaAsRAusvAJ9R3UcBPHUh9Tc85DqdsCv8r9+iaQCgtECZ
XJgsLIRswbCHOhfKONgw1CQ=
=X7bG
-----END PGP SIGNATURE-----
--
gentoo-server@g.o mailing list
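
A sketch of what checks for points 2 to 4 of the quoted policy involve, as an added example that is not part of the original message and not the code of any PAM module. The history depth, the 4-character floor, the substitution table, the PBKDF2 hashing and the sample word list and passwords are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12      # point 2 of the quoted policy
HISTORY_DEPTH = 5    # assumption: the policy does not say how many to remember
MIN_WORD = 4         # assumption: ignore banned words shorter than this
LEET = str.maketrans("01345@$7", "oieasast")  # assumed substitution table
SAMPLE_WORDS = {"password", "gentoo", "dragon"}  # constructed word list


def hash_password(password, salt=None):
    """Return (salt, digest) so history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def variants(password):
    """Forms to test: lower-cased, affixes stripped, de-leeted, reversed."""
    low = password.lower()
    stripped = low.strip("0123456789!?.-_")
    forms = {low, stripped, low.translate(LEET), stripped.translate(LEET)}
    return forms | {form[::-1] for form in forms}


def check_password(candidate, username, history, words=SAMPLE_WORDS):
    """Return the list of policy points violated (empty means accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("point 2: shorter than 12")
    banned = {w.lower() for w in set(words) | {username} if len(w) >= MIN_WORD}
    if any(word in form for form in variants(candidate) for word in banned):
        problems.append("point 4: dictionary word or username variant")
    # Point 3: re-hash the candidate with each stored salt and compare.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("point 3: reused password")
            break
    return problems


if __name__ == "__main__":
    old = [hash_password("Correct-Horse-7-Battery")]  # constructed history
    for pw in ("P4ssw0rd2006!!", "Correct-Horse-7-Battery", "Maple-Tundra-Quill-42"):
        print(pw, "->", check_password(pw, "alice", old) or "accepted")
```

The history check only works because each old entry keeps its own salt; the candidate has to be re-hashed once per remembered password.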