Summary: Update: Solaris password - about three-letter difference

From: Zaigui Wang <zaigui_at_yahoo.com>
Date: Thu Feb 27 2003 - 14:42:47 EST
Thanks for all who provided ideas regarding how to
solve this issue. I have replied to most of the
posters individually (I apologize if I missed you). My
previous UPDATE email hopefully already summarized the
gist of responses that I received. Some replies also
suggested the use of wrappers, scripts, etc. However,
IMO, those are not really clean solutions and
solutions of this type have caused us problem before. 

Failing to get hold of a ideal technical solution for
this issue, I did some wild search and came across an
article on Sun's blueprint online: Extending
Authentication in the Solaris 9 OE using PAM: Part II
(blueprint online Oct. 2002). One of the examples in
this article talks EXACTLY about how to modify the
passwd management scheme with the example PAM module
compare.c. I have yet to try this out...

Thanks again.

Zaigui
--- Zaigui Wang <zaigui@yahoo.com> wrote:
> From: Zaigui Wang <zaigui@yahoo.com>
> Subject: Update: Solaris password - about
> three-letter difference
> To: sunmanagers@sunmanagers.org
> Date: Wed, 19 Feb 2003 12:29:26 -0800 (PST)
> 
> As expected, a lot of the replies suggest that we,
> as
> sysadmin, should not back down simply because some
> user in the senior management does not like the
> inconvenience that this has caused him/her.
> Education
> is the buzz word for the solution. 
> 
> I agree with you guys on most of the points and we
> are
> still trying to resolve this by persuasion and
> education. Politics aside, I do see though a
> neccessity of making this restriction tunable. It is
> my understanding that other OSes, such as Windows
> and
> Novell, allows a more flexible password policy to be
> customized based on the customers' need.
> 
> Many people assumed that the problem is with
> changing
> from 3 to 2 or 1 letter difference, but the same
> problem is still there if one day we decide that
> 3-letter difference is not strong enough to fend off
> secuity breaches and would like to go up to 4-letter
> or 5-letter difference.
> 
> I would appreciate it very much if our expert here
> can
> provide some hints on modifying/writing PAM modules
> to
> make this work...
> 
> Zaigui
> 
> 
> 
> > Hi managers,
> >
> > In solaris, when you change your password, the new
> > password has to be different in three positions
> from
> > the previous password.
> >
> > Is there any way this can be tuned? We are having
> here
> > some unhappy user (not just the regular user, I
> assure
> > you) and are asked to change this to 1-position
> > different.
> >
> > SUN's answer to this is it is not tunable. Can
> anybody
> > provide some magic workaround?
> >
> > Zaigui
> > Yahoo! Shopping - Send Flowers for Valentine's Day
> > http://shopping.yahoo.com
> Yahoo! Shopping - Send Flowers for Valentine's Day
> http://shopping.yahoo.com
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
>
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Feb 27 14:47:51 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:04 EST