Forcing Stronger Passwords
From: Robert Geiger (nebraska57_at_yahoo.com)
Date: Sat, 24 Jan 2004 19:25:14 -0800 (PST) To: firstname.lastname@example.org
OK, I think I'm so close to having an answer to this,
but can't seem to make the final step. I'm cracking
down on the lame passwords people have been selecting
and I know I can achieve that through PAM and via
/etc/pam.conf -- but for the life of me I can't figure
out how to get it done.
I know it has to have something to do with an extended
Password Management module that forces something like
a dictionary check, but I'm at a loss at this point.
We're mostly Solaris 8 with a few 9 installations and
a few legacy 2.6 systems.
Right now, the default config forces a password of at
least 6 characters and at least one numeric or special
character... But that's not enough as someone could
still get away with their first or last name and just
add a number to it -- which John the Ripper gets in
about 5 seconds!
Can anyone help with some advice on how to further
strengthen my systems' password checking?
Many thanks in advance -- will summarize as this has
been incredibly hard to get detailed information on!
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
sunmanagers mailing list