From owner-freebsd-security  Tue Nov 19  8:27:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EC62C37B401
	for <security@freebsd.org>; Tue, 19 Nov 2002 08:27:14 -0800 (PST)
Received: from txemail.bankofamerica.com (txemail.bankofamerica.com [171.161.160.14])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7625C43E75
	for <security@freebsd.org>; Tue, 19 Nov 2002 08:27:14 -0800 (PST)
	(envelope-from Rick.Robinson@bankofamerica.com)
Received: from tximail.bankofamerica.com (tximail.bankofamerica.com [171.182.168.13])
	by txemail.bankofamerica.com (8.11.1/8.11.1) with ESMTP id gAJGR8M13811
	for <security@freebsd.org>; Tue, 19 Nov 2002 16:27:08 GMT
Received: from smtpsw01 (smtpsw01.bankofamerica.com [159.185.89.135])
	by tximail.bankofamerica.com (8.11.1/8.11.1) with ESMTP id gAJGR8019687
	for <security@freebsd.org>; Tue, 19 Nov 2002 16:27:08 GMT
Content-return: allowed
Date: Tue, 19 Nov 2002 10:26:24 -0600
From: "Robinson, Rick" <Rick.Robinson@bankofamerica.com>
Subject: Strong Passwords
To: "'security@freebsd.org'" <security@freebsd.org>
Message-id: <AFB399ACC132D511A0F700508B6FC8D201579702@mail.bankofamerica.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Can anyone suggest what the best way to enforce strong passwords on a
FreeBSD system is? We would like to add the functionality to our system to
require users to have at least one alpha character and one numeric character
in their passwords. And if possible also require them to use special
characters in their passwords. I know we can try password cracking as a way
to ensure strong passwords, but I think we want to go with a more proactive
approach. 

I looked at the login.conf man page, but it looks like the only option
available is to require mixed case passwords. I also looked briefly at
Npasswd+, but had trouble getting that to compile on FreeBSD. Any
suggestions you might have would be greatly appreciated.

Thanks,
Rick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message