SUMMARY: passwd with a memory

From: Rob McCauley (robmccau@RadOnc.Duke.EDU)
Date: Mon Jul 17 2000 - 08:27:03 CDT

I received a number of good responses on this one.

David Lee notes that npasswd does, in fact, offer a password memory
function. He also suggests that a PAM module would be a good way to
implement this function. I like this idea, and have put some work into
it, but haven't finished. Work will continue as time permits.

Andrew Brennan suggests that rather than keeping n passwords, I should
consider keeping them for a fixed time, such as a year. I think he's
right in that this would defeat those who would just create 5 dummy
passwords, cycle through them, and restore the original.

Mark provided a perl script which performs this
function and integrates with NIS+. I have a box or two which I really
don't want to put Perl on, but do want this functionality, so I haven't
tried this yet.

Mike DeMarco offers the suggestion that forcing users to change passwords
often can be a security problem rather than a solution. He also
references a journal article which claimed that users can choose secure
passwords, but if forced to do so often would rely on
post-it-note-on-the-monitor tactics to remember.

Arnaud Kleinveld's vacation program wrote to inform me he'd be out of the
office until July 3rd. I just came back from vacation myself, and hope
you enjoyed yours as much as I enjoyed mine. :)

Thanks everyone!


On Wed, 21 Jun 2000, Rob McCauley wrote:

> I know there are passwd replacement programs that do useful things such as
> checking for passwords which are likely to be easily broken (npasswd
> and passwd+, I believe). I'm looking for something which would insure
> that users don't simply keep alternating between two different passwords
> when required to change periodically. My question, then, is this:
> Do you know of anything, either external application or option I've missed
> in solaris, which would require that a user's password is not the same as
> any they've used over the last n password changes?
> Opinions on whether this is a useful thing to do are welcome. I realize
> users will likely cycle between a pool of n+1 passwords making this a less
> than perfect solution.
> I will post a summary.
> Thanks!
> Rob
> --
> ------------------------------------------------------------------------------
> Rob McCauley
> Radiation Oncology
> Duke University Medical Center
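
The difference between the two retention policies discussed in the summary (keep the last n passwords versus keep them for a fixed time), as an added example that is not part of the original post or any respondent's code. The class and function names, the PBKDF2 storage, and the choice to measure age from when a password was retired are assumptions made for illustration.

```python
import hashlib
import hmac
import os

DAY = 86400
ITERATIONS = 20_000  # kept low so the demo runs quickly; raise for real use

def _digest(password, salt):
    # Salted PBKDF2 so the history file is not a list of fast, unsalted hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordHistory:
    """Per-account history; each entry is [retired_at, salt, digest].

    keep_last: refuse the last n passwords (count-based policy).
    max_age:   refuse anything retired within max_age seconds (time-based).
    """
    def __init__(self, keep_last=None, max_age=None):
        self.keep_last, self.max_age = keep_last, max_age
        self.entries = []  # oldest first; the current password has retired_at None

    def _window(self, now):
        live = self.entries
        if self.max_age is not None:
            live = [e for e in live if e[0] is None or now - e[0] <= self.max_age]
        if self.keep_last is not None:
            live = live[max(0, len(live) - self.keep_last):]
        return live

    def change(self, new_password, now):
        """Return True and record the change, or False if it is a refused reuse."""
        for _, salt, digest in self._window(now):
            if hmac.compare_digest(digest, _digest(new_password, salt)):
                return False
        if self.entries:
            self.entries[-1][0] = now  # the outgoing password is retired now
        salt = os.urandom(16)
        self.entries.append([None, salt, _digest(new_password, salt)])
        return True

def cycle_back(history):
    """Constructed scenario: set a password, burn 5 dummies a day apart, restore it."""
    history.change("original-Pw1", 0)
    for day in range(1, 6):
        history.change(f"dummy-{day}", day * DAY)
    return history.change("original-Pw1", 6 * DAY)

if __name__ == "__main__":
    print("keep last 5   :", cycle_back(PasswordHistory(keep_last=5)))
    print("keep one year :", cycle_back(PasswordHistory(max_age=365 * DAY)))
```

With the count-based policy the original password is accepted again after five dummy changes; with the one-year policy the same sequence is refused until the retired entry ages out.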
