Subject: re: security/10206 - proposed solution (concept)
To: None <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 08/17/2005 01:05:22

I've written concept code, still work in progress, that allows an
admin to set a password policy in /etc/passwd.conf.

The current version has the following options when setting a policy:
minlen, maxlen, upper, lower, digits, punct.

minlen/maxlen - define the min. and max. length of the password. Zero
means no limit.

upper/lower/digits/punct - define what character sets are required to
be in the password. The first word should be ``yes'' or ``no''; an
optional argument can be in the form of ``N,M'', requiring at least
N characters of that class, but not more than M characters. Zero means
no limit here too.

An example entry in /etc/passwd.conf for at least 8 character passwords
combining both upper/lower case and digits can be:

	minlen = 8
	upper = yes
	lower = yes
	digits = yes

The code is available from
ftp://ftp.netbsd.org/pub/NetBSD/misc/elad/policy.c. It can very easily
be extended to support more policies. (for example, dictionary lists, if
people still care :)

PGP Key ID: 0x666EB914
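
A sketch of how the options described in the message above could be parsed and enforced, added here as an illustration; it is not the policy.c referenced in the message. The names `policy_set` and `policy_check` are hypothetical, and two readings are assumptions: ``no'' places no requirement on a class, and a bare ``yes'' requires at least one character of it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* One class rule: "yes"/"no" plus optional "N,M" bounds (0 = no limit). */
struct cls { int required; unsigned min, max; };
struct policy { unsigned minlen, maxlen; struct cls upper, lower, digits, punct; };

/* Parse "yes", "no" or "yes N,M"; returns 0 on success, -1 if malformed. */
static int parse_cls(const char *val, struct cls *c)
{
    char word[8];
    c->required = 0; c->min = c->max = 0;
    int n = sscanf(val, "%7s %u,%u", word, &c->min, &c->max);
    if (n != 1 && n != 3) return -1;             /* "yes 2" is incomplete */
    if (strcmp(word, "yes") == 0) c->required = 1;
    else if (strcmp(word, "no") != 0) return -1;
    return (c->max != 0 && c->min > c->max) ? -1 : 0;
}

int policy_set(struct policy *p, const char *key, const char *val)
{
    if (!strcmp(key, "minlen")) return sscanf(val, "%u", &p->minlen) == 1 ? 0 : -1;
    if (!strcmp(key, "maxlen")) return sscanf(val, "%u", &p->maxlen) == 1 ? 0 : -1;
    if (!strcmp(key, "upper"))  return parse_cls(val, &p->upper);
    if (!strcmp(key, "lower"))  return parse_cls(val, &p->lower);
    if (!strcmp(key, "digits")) return parse_cls(val, &p->digits);
    if (!strcmp(key, "punct"))  return parse_cls(val, &p->punct);
    return -1;                  /* unknown option: reject rather than ignore */
}

/* Assumptions: "no" imposes nothing; a bare "yes" needs at least one char. */
static int cls_ok(const struct cls *c, unsigned count)
{
    unsigned min = c->min ? c->min : 1;
    return !c->required || (count >= min && (c->max == 0 || count <= c->max));
}

int policy_check(const struct policy *p, const char *pw)  /* 1 = acceptable */
{
    size_t len = strlen(pw);
    unsigned up = 0, lo = 0, di = 0, pu = 0;
    for (const unsigned char *s = (const unsigned char *)pw; *s; s++) {
        up += !!isupper(*s); lo += !!islower(*s); di += !!isdigit(*s); pu += !!ispunct(*s);
    }
    if ((p->minlen && len < p->minlen) || (p->maxlen && len > p->maxlen)) return 0;
    return cls_ok(&p->upper, up) && cls_ok(&p->lower, lo) &&
           cls_ok(&p->digits, di) && cls_ok(&p->punct, pu);
}
```

A malformed or unknown option returns -1 so that a typo in the policy file fails visibly instead of silently weakening the policy.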