Date: Sat, 9 Jul 2005 22:20:04 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: jdyke@azimapower.com Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: password rotation and unique constraint Message-ID: <20050710032004.GB5116@dan.emsphone.com> In-Reply-To: <42D08423.5080401@azimapower.com> References: <42D08423.5080401@azimapower.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jul 09), Jeff said: > i'd like to configure pw.conf to force password expiration. is there > anyway to ensure the user can not change it to the same password. i > don't need to keep the last 7 or anything, just stop it being the > same from the last one. If/when i need the last N password, i'd > assume i'd have to move to LDAP? Should be easy enough to add a check to the passwd source to make sure that the old password doesn't match the new one. As for storing the last 7 passwords and checking against them, I don't see any reason LDAP would be required. It doesn't magically add this support. If you're already using NIS (you didn't say), you can add code to rpc.yppasswdd to store the old password hashes somewhere and check against them before accepting a new password change. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050710032004.GB5116>