[REPOSTED as it never arrived on saturday, appologies if it later duplicates]
Hi all,
I have 2 questions below regarding the Raq3 and users Passwords:
I have browsed a Linux and Apache manual, but find nothing understandable (new to
Linux still) that gives me any pointers, and am hoping that someone in this list may
have seen/heard of this before. <preying>
Q1. Is it possible to set up user accounts, giving them different passwords for
different services on the Raq, i.e. Email, FTP, SSH .......
I guess your first question is "why?" Well I come from a mainframe environment
and have seen the impressive advantages of being able to have different passwords for
different services and the ability stop hacking from spreading quickly to other
services. (Damage Control)
The POP email and GUI logins (in fact all logins) concern me a little in that
encryption is not mandatory, so my feeling is that if my users have a SMALL selection
of services with different passwords, if one password (i.e. email) is compromised, a
would be hacker does not immediately gain access to SSH / FTP etc. etc., and is
limited to the current service and its privileges.
Q2. Is there any software on the Raq/Linux that is able to inform a user that their
password has not been changed for a specified length of time? And subsequently
close/suspend the account if the password is not changed within a specified time limit.
Regards
Kul
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
