Subject: Re: Password demands?
To: Bruce J.A. Nourish <netbsd@bjan.freeshell.org>
From: None <kpneal@pobox.com>
List: netbsd-users
Date: 02/24/2004 18:48:25
On Mon, Feb 23, 2004 at 12:25:27AM +0000, Bruce J.A. Nourish wrote:
> On Sun, Feb 22, 2004 at 11:08:21PM +0100, Vincent van Scherpenseel wrote:
> > Hello,
> >
> > Is it possible to change the password demands set for passwd? In example: if a
> > user enters a password shorter than x characters, it will be rejected. Or, if
> > a user enters a password containing only letters, it will be rejected. I know
> > there are some demands set by default, but they are not forced (users are
> > adviced to choose a different password, but they don't *have* to). Also I
> > would like to change the minimum password length. Is it possible to change
> > this, and if yes, where?
>
> The software you really want for this is cracklib, security/libcrack in
> pkgsrc. The problem with this is that you have to modify passwd to make
> the cracklib FacistCheck() call. This isn't particularly hard, but then
> your local src tree is divergent from the NetBSD tree, with all the
> maintainence agony that brings. For a large site with many lusers the
> benefits would be worthwhile, but it's probably too much hassle for
> everyone else.
How about having passwd run an external program that accepts the
proposed new password on stdin? A response could be ACCEPT or REJECT.
Use of this could be enabled by login.conf.
No, I'm not volunteering.
--
Kevin P. Neal http://www.pobox.com/~kpn/
"Not even the dumbest terrorist would choose an encryption program that
allowed the U.S. government to hold the key." -- (Fortune magazine
is smarter than the US government, Oct 29 2001, page 196.)