I have received a few more messages, so I wanted to send out that information in case anyone needs it. Thank you to everyone who responded.

From the looks of things, I'm leaning towards npasswd, but need to look into things a bit more.

Steven

+++++++++++++++++++++++
Andrew_Rotramel@cch-lis.com
+++++++++++++++++++++++

Try PowerPassword. It does lots of things, including password checks and locking out accounts.

www.symark.com

++++++++++++++++++++++++++
David Foster [foster@dim.ucsd.edu]
++++++++++++++++++++++++++

Look at npasswd, a 3rd party utility that allows you this kind of flexibility. Not sure if it plays well with NIS/NIS+.

+++++++++++++++++++++++++++++++++
Boothby Don [donald.boothby@thomson.net]
+++++++++++++++++++++++++++++++++

I have been struggling with this. I am using ssh, so this might not apply to you. However, I'm using npasswd, which supports everything, including the option of locking out a user after 3 (configurable) attempts. The web site for this is:

<http://www.utexas.edu/cc/unix/software/npasswd/>

If you want to use the LDAP solution, I'm afraid I can't help. I inquired about it and there is an internal Sun web site that shows how to do it, but they won't release the info to the public until next month. I got an internal web site address, but I don't have access to their internal site.

http://scribe.red.iplanet.com/ds/deliverables/Beta3_20021218/admin/useracct.html#1089018

P.S. I had gotten npasswd to work without ssh. I'm in the middle of getting it to work with ssh, which is my latest project. If you need it to work with ssh, there are some added complexities.

++++++++++++++++++++
Zaigui Wang [zaigui@yahoo.com]
++++++++++++++++++++

There seem to be two possible solutions:

1. Use LDAP. Sun's recent LDAP enhancement to Solaris 8 has made the password policy management fully functional.

2. Apply, again, the latest LDAP enhancement (only to Solaris 8 and 9) and tweak the new pam.conf file and insert your own password variation checking module. While it seems complex, there are examples you can follow. Refer to Sun blueprint 10/02 on PAM. It has sample code "comparison.c". If you have a problem finding the source code, let me know. I do have a copy. You can just compile that and install as instructed.

Neither solution will help you, though, on Solaris systems below 8.

++++++++++++
Original Questions:
++++++++++++

Has anyone found any methods to enforce password composition/complexity in a Solaris environment? We are using versions 2.6 through 9, though will be moving to 8 and 9 only in the near future (software requirements force us to maintain a maximum of Solaris 8).

By composition / complexity, I mean things like forcing upper and lower case, use of numeric/symbol characters, and possibly a method to do a dictionary check on the password. The dictionary check would be nice to ensure that the password, or any part of the password, is not a common English word, and is optional to my needs, but would be a bonus.

My other query is about auto-lockouts after a number of invalid login attempts. I know about the /etc/default/login, but that doesn't really suit my needs. I'd like it so that if there are three bad password attempts on a given account within a given, arbitrary, amount of time, the account is locked from further use until administrator intervention. This can be done in Windows NT/2000 (sorry for mentioning the 'W' word), so I hope there is a method to do this in Solaris as well.

We are currently using static passwd/shadow files on each system, though we are working on migrating to LDAP for authentication across Windows and Solaris to get a single username/password-type setup.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Mon Mar 31 20:06:34 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:07 EST
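
The composition rules asked for in the original question (upper and lower case, a digit or symbol, and no dictionary word anywhere inside the password), written out as an added C example. It is not code from the post, from npasswd, or from Sun's comparison.c; the function names, result codes and the three-word list are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Result codes for the composition check (illustrative names). */
enum pw_result { PW_OK, PW_NO_UPPER, PW_NO_LOWER,
                 PW_NO_DIGIT_OR_SYMBOL, PW_DICT_WORD };

/* Constructed sample word list; a real deployment would load a word file. */
static const char *const sample_dict[] = { "password", "summer", "dragon" };
#define SAMPLE_DICT_LEN (sizeof sample_dict / sizeof sample_dict[0])

/* Case-insensitive search for word anywhere inside pw ("any part"). */
static int contains_nocase(const char *pw, const char *word)
{
    size_t wlen = strlen(word), plen = strlen(pw), i, j;
    if (wlen == 0 || wlen > plen) return 0;
    for (i = 0; i + wlen <= plen; i++) {
        for (j = 0; j < wlen; j++)
            if (tolower((unsigned char)pw[i + j]) !=
                tolower((unsigned char)word[j]))
                break;
        if (j == wlen)
            return 1;
    }
    return 0;
}

/* Return PW_OK, or the first composition rule that pw fails. */
enum pw_result check_password(const char *pw,
                              const char *const *dict, size_t ndict)
{
    int upper = 0, lower = 0, other = 0;
    size_t i, len = strlen(pw);

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isupper(c)) upper = 1;
        else if (islower(c)) lower = 1;
        else if (isdigit(c) || ispunct(c)) other = 1;
    }
    if (!upper) return PW_NO_UPPER;
    if (!lower) return PW_NO_LOWER;
    if (!other) return PW_NO_DIGIT_OR_SYMBOL;
    for (i = 0; i < ndict; i++)
        if (contains_nocase(pw, dict[i]))
            return PW_DICT_WORD;
    return PW_OK;
}
```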