-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jesse, Rich wrote:
> 1) 30 day lifetime
> 2) Minimum length of 12 (eep!)

These two are not a problem on any Linux box.

> 3) No reuse of passwords (keep password history)

In this case I have a problem: which app could provide such functionality?

> 4) Check password for dictionary and common variants (e.g. username)

Some proxy between passwd and shadow / PAM?

> 5) Do not use system-generated passwords

Do you follow that example with a 30-character password?

> 6) Teach users to use an algorithm to generate passwords.

User training is very important, but even if you prepare a good training plan, not everyone will use it. So we have to force them to use our policy with points 1-5 from above.

Thank you for a good example of a logical and usable-in-theory password policy. Now I have to search for an implementation of points 3 and 4.

- --
Paweł Madej aka Nysander
Member of QuanTeam | RLU #357047
http://wiki.quanteam.info | Gentoo Linux User
http://forum-farmaceutyczne.org | GPG key: 5861680B | keyserver: http://pgp.mit.edu
Kielce, Poland | UTF-8 Email Preferred

Looking to buy: 6x 73 GB UW3/Ultra160 SCSI 80 pin (SCA) ..::||::.. pair of PentiumIII Slot1 1GHz/ FSB 100 processors ..::||::.. 2x 256 MB SDRAM ECC Registered
Got any of this? Mail me, with price and shipping costs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDzne6gvSMglhhaAsRAusvAJ9R3UcBPHUh9Tc85DqdsCv8r9+iaQCgtECZ
XJgsLIRswbCHOhfKONgw1CQ=
=X7bG
-----END PGP SIGNATURE-----

--
[email protected] mailing list
