All; Many thanks to all that responded -- though I have to say, I find myself not much further along. All but two of the respondents recommended periodic cracking of passwords and forcing people whose passwords are easily cracked to change them -- though this is what we already do and I'm trying to get something more proactive in place! One person recommended anlpasswd and another said to use npasswd. I'm familiar with these passwd wrappers but, I have to say, it seems extraordinary to me that Solaris provides nothing (native) other than the default PAM module, which allows for incredibly lame passwords. I did go to openwall.com (John the Ripper site) and downloaded the pam_passwdqc PAM module, which I got to work but is pretty draconian and may not be practical for most environments. Anyway, that's my summary -- such as it is. I will summarize again if anyone responds with something other than password cracking and open-source wrappers. Thanks again to all. --------------------------------- Original Message: Hello, All... OK, I think I'm so close to having an answer to this, but can't seem to make the final step. I'm cracking down on the lame passwords people have been selecting and I know I can achieve that through PAM and via /etc/pam.conf -- but for the life of me I can't figure out how to get it done. I know it has to have something to do with an extended Password Management module that forces something like a dictionary check, but I'm at a loss at this point. We're mostly Solaris 8 with a few 9 installations and a few legacy 2.6 systems. Right now, the default config forces a password of at least 6 characters and at least one numeric or special character... But that's not enough as someone could still get away with their first or last name and just add a number to it -- which John the Ripper gets in about 5 seconds! Can anyone help with some advice on how to further strengthen my systems' password checking? Many thanks in advance -- will summarize as this has been incredibly hard to get detailed information on! __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Sat Jan 31 22:18:45 2004
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:27 EST