From owner-freebsd-isp Wed Mar 4 12:35:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA20278 for freebsd-isp-outgoing; Wed, 4 Mar 1998 12:35:07 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from toth.ferginc.com (toth.ferginc.com [205.139.23.69]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA20198 for ; Wed, 4 Mar 1998 12:34:57 -0800 (PST) (envelope-from branson@toth.ferginc.com) Received: (from branson@localhost) by toth.ferginc.com (You_Can/Keep_Guessing) id PAA17829; Wed, 4 Mar 1998 15:33:33 -0500 (EST) Message-ID: <19980304153333.39829@toth.FergInc.com> Date: Wed, 4 Mar 1998 15:33:33 -0500 From: Branson Matheson To: Graphic Rezidew Cc: freebsd-isp@FreeBSD.ORG Subject: Re: users and passwords Reply-To: Branson.Matheson@FergInc.com References: <34FDB5A7.84B9549C@rezidew.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88 In-Reply-To: <34FDB5A7.84B9549C@rezidew.net>; from Graphic Rezidew on Wed, Mar 04, 1998 at 02:12:23PM -0600 Organization: Ferguson Enterprises, Inc. X-Operating-System: FreeBSD 2.2.2-RELEASE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Mar 04, 1998 at 02:12:23PM -0600, Graphic Rezidew wrote: > Is there any method by which I can force users to pick secure passwords > when they execute 'passwd'? (eg. a wrapper that checks for bad passwords > or a replacement for passwd....) You have two options that are secure. 1> check out npasswd or passwd+, both compilable and should work under fbsd. ( I have played with both.. but I opted for the second suggestion which is ) : 2> Add the cracklib stuff to your passwd program. This will do a crack like check on the password before allowing crypt to be run. It works well. Cracklib comes with Crack. If you do use cracklib.. I also highly suggest that still run crack fairly regularly. One Sysadmin I know ( one of the co-authors of the System Admin Handbook ), takes the rulesets that crack finds passwords with and adds them to cracklib so that they cannot be used again. I would not suggest a wrapper.. it has the possiblity of be subverted. You should be able to find the links for the above software on www.ugu.com. - branson ------------------------------------------------------------------------------- Branson Matheson " If you are falling off of a mountain, Unix System Administrator You may as well try to fly." Ferguson Enterprises, Inc. - Delenn, Minbari Ambassador ( $statements = ) !~ /Corporate Opinion/; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message