SUMMARY: passwd with a memory

From: Rob McCauley (robmccau@RadOnc.Duke.EDU)
Date: Mon Jul 17 2000 - 08:27:03 CDT


I received a number of good responses on this one.

David Lee notes that npasswd does, in fact, offer a password memory
function. He also suggests that a PAM module would be a good way to
implement this function. I like this idea, and have put some work into
it, but haven't finished. Work will continue as time permits.

Andrew Brennan suggests that rather than keeping n passwords, I should
consider keeping them for a fixed time, such as a year. I think he's
right in that this would defeat those who would just create 5 dummy
passwords, cycle through them, and restore the original.

Mark (bergman@panix.com) provided a Perl script which performs this
function and integrates with NIS+. I have a box or two which I really
don't want to put Perl on, but do want this functionality, so I haven't
tried this yet.

Mike DeMarco offers the suggestion that forcing users to change passwords
often can be a security problem rather than a solution. He also
references a journal article which claimed that users can choose secure
passwords, but if forced to do so often would rely on
post-it-note-on-the-monitor tactics to remember.

Arnaud Kleinveld's vacation program wrote to inform me he'd be out of the
office until July 3rd. I just came back from vacation myself, and hope
you enjoyed yours as much as I enjoyed mine. :)

Thanks everyone!

Rob

On Wed, 21 Jun 2000, Rob McCauley wrote:

>
> I know there are passwd replacement programs that do useful things such as
> checking for passwords which are likely to be easily broken (npasswd
> and passwd+, I believe). I'm looking for something which would ensure
> that users don't simply keep alternating between two different passwords
> when required to change periodically. My question, then, is this:
>
> Do you know of anything, either external application or option I've missed
> in Solaris, which would require that a user's password is not the same as
> any they've used over the last n password changes?
>
> Opinions on whether this is a useful thing to do are welcome. I realize
> users will likely cycle between a pool of n+1 passwords making this a less
> than perfect solution.
>
> I will post a summary.
>
> Thanks!
>
> Rob
>
> --
> ------------------------------------------------------------------------------
> Rob McCauley
> Radiation Oncology
> Duke University Medical Center
>
>
>
>
>
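
The difference between remembering the last n passwords and remembering them for a fixed time, as an added example that is not part of the original post and is not code from npasswd, the Perl script or any PAM module mentioned in it. The class and function names, the PBKDF2 iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib, hmac, os

DAY = 86400
ITERATIONS = 50_000  # assumption for this example; tune for real hardware

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordHistory:
    """One user's old passwords, stored only as (timestamp, salt, digest)."""

    def __init__(self, keep_last=None, keep_seconds=None):
        self.keep_last = keep_last        # count policy: remember last n
        self.keep_seconds = keep_seconds  # time policy: remember for a period
        self.entries = []

    def _retained(self, now):
        kept = self.entries
        if self.keep_seconds is not None:
            kept = [e for e in kept if now - e[0] < self.keep_seconds]
        if self.keep_last:
            kept = kept[-self.keep_last:]
        return kept

    def was_used(self, password, now):
        # Each entry has its own salt, so the candidate is re-hashed per entry.
        return any(hmac.compare_digest(_digest(password, salt), digest)
                   for _, salt, digest in self._retained(now))

    def change(self, password, now):
        """Record a password change; return False and store nothing on reuse."""
        if self.was_used(password, now):
            return False
        self.entries = self._retained(now)  # prune what the policy forgets
        salt = os.urandom(16)
        self.entries.append((now, salt, _digest(password, salt)))
        return True

def cycle_back(history, original, dummies, step=60):
    """Set `original`, change through `dummies` one minute apart, then try
    to restore `original`. Returns True if the restore is accepted."""
    now = 0
    history.change(original, now)
    for pw in dummies:
        now += step
        history.change(pw, now)
    return history.change(original, now + step)
```

With `keep_last=5`, five dummy changes push the original out of the history and the restore is accepted; with `keep_seconds=365 * DAY` the same sequence is rejected until a year has passed.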

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:12 CDT