Subject: Re: Password demands?
To: None <netbsd-users@NetBSD.org>
From: Bruce J.A. Nourish <netbsd@bjan.freeshell.org>
List: netbsd-users
Date: 02/23/2004 00:25:27
On Sun, Feb 22, 2004 at 11:08:21PM +0100, Vincent van Scherpenseel wrote:
> Hello,
>
> Is it possible to change the password demands set for passwd? In example: if a
> user enters a password shorter than x characters, it will be rejected. Or, if
> a user enters a password containing only letters, it will be rejected. I know
> there are some demands set by default, but they are not forced (users are
> adviced to choose a different password, but they don't *have* to). Also I
> would like to change the minimum password length. Is it possible to change
> this, and if yes, where?
The software you really want for this is cracklib, security/libcrack in
pkgsrc. The problem with this is that you have to modify passwd to make
the cracklib FacistCheck() call. This isn't particularly hard, but then
your local src tree is divergent from the NetBSD tree, with all the
maintainence agony that brings. For a large site with many lusers the
benefits would be worthwhile, but it's probably too much hassle for
everyone else.
Various people have suggested that OpenBSD add libcrack to their tree,
but none of the active developers appear to have liked the idea. One
email did mention a better, BSD licensed library called libpwqdc by
someone/someplace called "Solar designer", but Google brings up only
one hit for that. If anyone else knows anything about the mysterious
libqwqdc, I'd love to hear.
Given the very high average competency of NetBSD users, I don't see us
being in the forefront of a rush to make a smarter, safer passwd - there
really isn't much of a need. If you really, really want to see this
type of functionality in NetBSD, reimplement/find a BSD licensed
substitute and get it into OpenBSD, then ask for a NetBSD port.
--
Bruce J.A. Nourish <bjan@bjan.freeshell.org> http://bjan.freeshell.org
SDF Public Access UNIX System - http://sdf.lonestar.org