I think (but I'm not positive) that what you're referring to is PAM. I checked and my Raq4 uses pam-0.72.
You can really get creative and fancy with PAM so that it uses very strict passwords. You can also alter it to authenticate against things other than /etc/passwd. However, I don't know if doing this will jive with the gui. If PAM doesn't like the password you chose, it'll give an error message. I don't know if this message will be passed back through to the user and if it does, will it be of use? If not, I saw somewhere someone did a neat trick with the shell specified for a user in /etc/passwd. It allowed no telnet access, but when the user tried to telnet in they had the ability to change their password and that was it. Once they changed their password, the normal "bad shell" effect kicks in. If you really wanted to use stronger passwords and the GUI won't allow it, you could try something like that. Just give the user's a link such as <a href="telnet:192.168.1.1">Change password</a> and hope that they have a default telnet client. I'm pretty sure every OS after Windows 3.1 had this. I've strayed from the point a little, so to sum it up, check into PAM. It really is a great tool. Matt -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Lasman Sent: Sunday, April 14, 2002 4:09 PM To: [EMAIL PROTECTED] Subject: Re: [cobalt-security] RaQ needs to be more picky about passwords BobbyT wrote: > Comments? Suggestions? Scripts? > I await your replies. There's already a program on your RaQ to do that; I don't remember exactly what it is, but it's called by the passwd program (see "man passwd"). Sun, or you, could implement it. To see what I man run "passwd" from your nonprivileged user prompt, and try just typing in your name or a word from the dictionary. > P.S. Why doesn't the raq allow more than 8 characters in passwords? It > ignores anything past 8 that you enter. My root password ended up being > half the size. It depends on the RaQ. RaQ4, as I recall, uses a library that allows much larger passwords. However it's easy to generate a secure password in eight characters, and it's easy to generate an insecure password using many more characters. Jeff -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
