On 11/2/2010 9:40 PM, Jesús M. Navarro wrote:
Hi, lee:
On Tuesday 02 November 2010 21:26:54 lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
Hi, Ron:
On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
If someone learns my password on day 2, they have full access to my
account for 74 days, or I must beg for SysAdmin help?
"Minimum number of days" isn't a very bright idea.
It is, for a low minimum number.
The rationale is to avoid the user reusing passwords: Ok, so my password
is 12345678 and I must change it now? Let's do it: 87654321; but
immediately I change back again.
The way to do it is to have a record in your password db of the
hashes of each user's last N passwords.
Not a serious expert, but: Bad policy? (Keeping unnecessary histories
of *anything* would tend to weaken security. Wouldn't it?)
BTW, how do you do that?
AFAIK you can't, at least with files backend (but that's a different issue).
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4cd0cfd5.3020...@allums.com
