Subject: libpwqcd (was: Password demands revisited)
To: None <netbsd-users@NetBSD.org>
From: Bruce J.A. Nourish <netbsd@bjan.freeshell.org>
List: netbsd-users
Date: 02/24/2004 16:32:18
On Tue, Feb 24, 2004 at 09:45:12AM +0100, Vincent van Scherpenseel wrote:
> [1] Secure passwd
> Some people say the passwd tool should be secured by implementing software 
> like cracklib, which tests the user input against known dictionaries. This is 
> a very nice way of achieving what we want, but it's some work, and it's 
> conflicting with the standard passwd tool.

Not that much work: at the suggestion of Dan Riley, I've separated the
password checking functionality of the (BSD licensed) libpasswdqc from
the PAM functionality: http://bjan.freeshell.org/libpasswdqc.tar.gz.
I'll make a version suitable for the NetBSD src tree tonight.

> [2] Write a frontend to passwd / alternative for passwd

Why bother? Just do #1.

> [3] Password generators
> Others advice to write or use a password generator for users so they get a 
> generated password. 

Libpasswdqc has this functionality built in. An option could be added
to passwd so that the user/admin could request a generated password.

-- 
Bruce J.A. Nourish <bjan@bjan.freeshell.org> http://bjan.freeshell.org
SDF Public Access UNIX System - http://sdf.lonestar.org