Date: Mon, 5 Feb 2001 09:51:51 +0200 From: "Niekie Myburgh (QData)" <niekie@rcf.co.za> To: 'Sean Winn' <sean@gothic.net.au> Cc: "'freebsd-hackers@freebsd.org'" <freebsd-hackers@freebsd.org>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: RE: passwd, npasswd, PAM and password ageing Message-ID: <C7F233BFBFFBD211A4370000E220291A1BF336@ntnr2>
next in thread | raw e-mail | index | archive | help
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C08F48.80383B40 Content-Type: text/plain I went through the login.conf man page. Everything there works quite nice (Force change, force upper/lower case etc.), except that I cannot figure out how to stop the user from re-using last month's password. ie. How can I make BSD remeber the passwords that was used during the last 6 changes, and stop the user from using them again. I also need a bit more control on the password side. Our company policy specifies that the password meet at least 3 of the following 4 criteria: lowercase uppercase numbers punctuation (!@#$%^&*()+":>?<) BSD enforces (as far as I can see) only 2 of the four. Any suggestions / sample pam.conf entries will be apreciated. Regards. Niekie > -----Original Message----- > From: Sean Winn [SMTP:sean@gothic.net.au] > Sent: Monday, February 05, 2001 9:33 AM > To: Niekie Myburgh (QData) > Subject: Re: passwd, npasswd, PAM and password ageing > > At 08:19 5/02/01 +0200, you wrote: > > >Can anyone tell me how to get password ageing working on FreeBSD 4.2. I > >have to stop users from re-using their passwords. On Linux, pam_cracklib > > >and pam_passwdqc does the trick, but on BSD, they are just being > >ignored. I tried npassword, but that was made for Solaris & other > >operating systems, and does not compile (easily) on BSD. If you does get > > >it to compile, it does the core dump thing. It also rely on shadow > >passwords, and other things that does not seem to be present on > >FreeBSD. I would appreciate any help I can get in this regard. > > Shadow passwords are standard. They're in /etc/master.passwd > > login.conf (man 5 login.conf) controls password aging and other > facilities. > > > >Thanx. > > > >Niekie ------_=_NextPart_001_01C08F48.80383B40 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2652.35"> <TITLE>RE: passwd, npasswd, PAM and password ageing</TITLE> </HEAD> <BODY> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">I went through the = login.conf man page. Everything there works quite nice (Force = change, force upper/lower case etc.), except that I cannot figure out = how to stop the user from re-using last month's password. ie. How = can I make BSD remeber the passwords that was used during the last 6 = changes, and stop the user from using them again. I also need a = bit more control on the password side. Our company policy = specifies that the password meet at least 3 of the following 4 = criteria:</FONT></P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">lowercase</FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">uppercase</FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">numbers</FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">punctuation = (!@#$%^&*()+":>?<)</FONT> </P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">BSD enforces (as far = as I can see) only 2 of the four. Any suggestions / sample = pam.conf entries will be apreciated.</FONT> </P> <BR> <BR> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Regards.</FONT> </P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Niekie</FONT> </P> <UL> <P><FONT SIZE=3D1 FACE=3D"Arial">-----Original Message-----</FONT> <BR><B><FONT SIZE=3D1 FACE=3D"Arial">From: </FONT></B> <FONT = SIZE=3D1 FACE=3D"Arial">Sean Winn [SMTP:sean@gothic.net.au]</FONT> <BR><B><FONT SIZE=3D1 FACE=3D"Arial">Sent: </FONT></B> <FONT = SIZE=3D1 FACE=3D"Arial">Monday, February 05, 2001 9:33 AM</FONT> <BR><B><FONT SIZE=3D1 = FACE=3D"Arial">To: </FONT></B> <FONT SIZE=3D1 = FACE=3D"Arial">Niekie Myburgh (QData)</FONT> <BR><B><FONT SIZE=3D1 = FACE=3D"Arial">Subject: </FONT>= </B> <FONT SIZE=3D1 FACE=3D"Arial">Re: passwd, npasswd, PAM and = password ageing</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">At 08:19 5/02/01 +0200, you = wrote:</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">>Can anyone tell me how to get = password ageing working on FreeBSD 4.2. I </FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>have to stop users from re-using = their passwords. On Linux, pam_cracklib </FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>and pam_passwdqc does the trick, = but on BSD, they are just being </FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>ignored. I tried npassword, = but that was made for Solaris & other </FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>operating systems, and does not = compile (easily) on BSD. If you does get </FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>it to compile, it does the core = dump thing. It also rely on shadow </FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>passwords, and other things that = does not seem to be present on </FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>FreeBSD. I would appreciate = any help I can get in this regard.</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">Shadow passwords are standard. They're = in /etc/master.passwd</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">login.conf (man 5 login.conf) controls = password aging and other facilities.</FONT> </P> <BR> <P><FONT SIZE=3D2 FACE=3D"Arial">>Thanx.</FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">></FONT> <BR><FONT SIZE=3D2 FACE=3D"Arial">>Niekie</FONT> </P> </UL> </BODY> </HTML> ------_=_NextPart_001_01C08F48.80383B40-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C7F233BFBFFBD211A4370000E220291A1BF336>