Re: UNIX Password Security

From: Lew Pitcher (Lew.Pitcher_at_td.com)
Date: 07/22/05


Date: Fri, 22 Jul 2005 14:54:41 -0400



cameron wrote:
> I would like to know how I can force end users to develop complex passwords
> for my AIX system. I have looked at the password file attributes, but the
> functionality is not there.

Please define 'complex passwords'.

A quick Google search using the terms "aix password policy" brought up a
number of relevant sites, including this one ->
http://www.securitydocs.com/library/3136/2

I don't know AIX, but I do know that it has a number of tuning "knobs"
to permit you to tighten up password policy.

Just a word of warning, though. You don't want to wind your password
policy too tight; the more complex you make your password requirements,
the more likely that end-users will not be able to easily memorize their
passwords, and (1) your sysadm calls will go up ("I can't remember my
password. Can you reset it for me?") and (2) your users will likely
write their passwords down, making them less secure than a less complex
password that was memorized.

--

Lew Pitcher, IT Specialist, Enterprise Data Systems
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed here are my own, not my employer's)


