I received a number of good responses on this one.

David Lee notes that npasswd does, in fact, offer a password memory
function. He also suggests that a PAM module would be a good way to
implement this function. I like this idea, and have put some work into
it, but haven't finished. Work will continue as time permits.

Andrew Brennan suggests that rather than keeping n passwords, I should
consider keeping them for a fixed time, such as a year. I think he's
right in that this would defeat those who would just create 5 dummy
passwords, cycle through them, and restore the original.

Mark (firstname.lastname@example.org) provided a Perl script which performs this
function and integrates with NIS+. I have a box or two which I really
don't want to put Perl on, but do want this functionality, so I haven't
tried this yet.

Mike DeMarco offers the suggestion that forcing users to change passwords
often can be a security problem rather than a solution. He also
references a journal article which claimed that users can choose secure
passwords, but if forced to do so often would rely on
post-it-note-on-the-monitor tactics to remember.

Arnaud Kleinveld's vacation program wrote to inform me he'd be out of the
office until July 3rd. I just came back from vacation myself, and hope
you enjoyed yours as much as I enjoyed mine. :)

On Wed, 21 Jun 2000, Rob McCauley wrote:
> I know there are passwd replacement programs that do useful things such as
> checking for passwords which are likely to be easily broken (npasswd
> and passwd+, I believe). I'm looking for something which would ensure
> that users don't simply keep alternating between two different passwords
> when required to change periodically. My question, then, is this:
> Do you know of anything, either external application or option I've missed
> in Solaris, which would require that a user's password is not the same as
> any they've used over the last n password changes?
> Opinions on whether this is a useful thing to do are welcome. I realize
> users will likely cycle between a pool of n+1 passwords making this a less
> than perfect solution.
> I will post a summary.
> Rob McCauley
> Radiation Oncology
> Duke University Medical Center
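
Added example, not part of the original post and not code from npasswd, the Perl script, or any respondent: a small Python sketch comparing the "last n passwords" history with the fixed-time history suggested in the summary, run against the dummy-password cycling the thread describes. The class, function names and sample passwords are hypothetical and constructed for illustration.

```python
import hashlib, hmac, os

YEAR = 365 * 24 * 3600

def _digest(password, salt):
    # Salted, slow hash so the history never holds recoverable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PasswordHistory:
    """Per-user history (hypothetical); entries are (set_at, salt, digest)."""

    def __init__(self, keep_last=None, keep_seconds=None):
        self.keep_last = keep_last        # count-based policy: last n passwords
        self.keep_seconds = keep_seconds  # time-based policy: e.g. one year
        self.entries = []

    def _active(self, now):
        kept = []
        for i, (_, salt, digest) in enumerate(self.entries):
            # A password is retired when its successor was set; the
            # current password (last entry) is always still remembered.
            last = i + 1 == len(self.entries)
            retired = now if last else self.entries[i + 1][0]
            if self.keep_seconds is None or now - retired < self.keep_seconds:
                kept.append((salt, digest))
        return kept if self.keep_last is None else kept[-self.keep_last:]

    def change(self, password, now):
        """Record a new password; return False if it is still remembered."""
        for salt, digest in self._active(now):
            if hmac.compare_digest(_digest(password, salt), digest):
                return False
        salt = os.urandom(16)
        self.entries.append((now, salt, _digest(password, salt)))
        return True

def cycle_back(history, original, dummies, step=60):
    """Set original, burn through dummies a minute apart, retry original."""
    now = 0
    history.change(original, now)
    for dummy in dummies:
        now += step
        history.change(dummy, now)
    return history.change(original, now + step)

if __name__ == "__main__":
    dummies = [f"Dummy-{i}" for i in range(5)]  # constructed sample values
    print("n=5 history allows reuse:", cycle_back(PasswordHistory(keep_last=5), "Orig-Pw1", dummies))
    print("1-year history allows reuse:", cycle_back(PasswordHistory(keep_seconds=YEAR), "Orig-Pw1", dummies))
```

A minimum password age would also slow the cycling under the count-based policy; the sketch leaves that out to isolate the difference between the two retention rules.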
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:12 CDT