SUMMARY: Forcing Stronger Passwords

From: Robert Geiger <nebraska57_at_yahoo.com>
Date: Sat Jan 31 2004 - 22:18:49 EST
All;

Many thanks to all that responded -- though I have to
say, I find myself not much further along.  All but
two of the respondents recommended periodic cracking
of passwords and forcing people whose passwords are
easily cracked to change them -- though this is what
we already do and I'm trying to get something more
proactive in place!

One person recommended anlpasswd and another said to
use npasswd. I'm familiar with these passwd wrappers
but, I have to say, it seems extraordinary to me that
Solaris provides nothing (native) other than the
default PAM module, which allows for incredibly lame
passwords.

I did go to openwall.com (John the Ripper site) and
downloaded the pam_passwdqc PAM module, which I got to
work but is pretty draconian and may not be practical
for most environments.

Anyway, that's my summary -- such as it is.  I will
summarize again if anyone responds with something
other than password cracking and open-source wrappers.

Thanks again to all.
---------------------------------

Original Message:

Hello, All...

OK, I think I'm so close to having an answer to this,
but can't seem to make the final step.  I'm cracking
down on the lame passwords people have been selecting
and I know I can achieve that through PAM and via
/etc/pam.conf -- but for the life of me I can't figure
out how to get it done.

I know it has to have something to do with an extended
Password Management module that forces something like
a dictionary check, but I'm at a loss at this point. 
We're mostly Solaris 8 with a few 9 installations and
a few legacy 2.6 systems.

Right now, the default config forces a password of at
least 6 characters and at least one numeric or special
character...  But that's not enough as someone could
still get away with their first or last name and just
add a number to it -- which John the Ripper gets in
about 5 seconds!

Can anyone help with some advice on how to further
strengthen my systems' password checking?

Many thanks in advance -- will summarize as this has
been incredibly hard to get detailed information on!

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Sat Jan 31 22:18:45 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:27 EST