Re: Checking New Password
On Tue, Apr 20, 2004 at 06:32:13AM +0100, Zen wrote: Being new to BSD I was wandering if someone can point me in the correct direction. I want to let users to change their own passwords. But I do not want them to use things like cat dog or dictionary names. Could some one point me in the correct direction please. I would like to use some thing like 6-8 characters with number and upper and lower case letters Checkout the security/checkpassword-pam port. http://checkpasswd-pam.sourceforge.net/ Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Checking New Password
On Tue, Apr 20, 2004 at 08:17:20AM +0100, Matthew Seaman wrote: On Tue, Apr 20, 2004 at 06:32:13AM +0100, Zen wrote: Being new to BSD I was wandering if someone can point me in the correct direction. I want to let users to change their own passwords. But I do not want them to use things like cat dog or dictionary names. Could some one point me in the correct direction please. I would like to use some thing like 6-8 characters with number and upper and lower case letters Checkout the security/checkpassword-pam port. http://checkpasswd-pam.sourceforge.net/ Dammit. No, don't bother checking that: it's something different. Doesn't do what you want at all. However, using pam modules to enforce good standards for passwords is the way to go. But I can't see anything appropriate in the ports collection. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Checking New Password
These may be helpful: http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html http://www.onlamp.com/pub/a/bsd/2001/01/17/FreeBSD_Basics.html Marshall -- Marshall Pierce Harvey Mudd College '06 [EMAIL PROTECTED] On Apr 20, 2004, at 12:26 AM, Matthew Seaman wrote: On Tue, Apr 20, 2004 at 08:17:20AM +0100, Matthew Seaman wrote: On Tue, Apr 20, 2004 at 06:32:13AM +0100, Zen wrote: Being new to BSD I was wandering if someone can point me in the correct direction. I want to let users to change their own passwords. But I do not want them to use things like cat dog or dictionary names. Could some one point me in the correct direction please. I would like to use some thing like 6-8 characters with number and upper and lower case letters Checkout the security/checkpassword-pam port. http://checkpasswd-pam.sourceforge.net/ Dammit. No, don't bother checking that: it's something different. Doesn't do what you want at all. However, using pam modules to enforce good standards for passwords is the way to go. But I can't see anything appropriate in the ports collection. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Checking New Password
Marshall Pierce wrote: These may be helpful: http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html http://www.onlamp.com/pub/a/bsd/2001/01/17/FreeBSD_Basics.html If I may just raise a small caution flag with regard to the top article/application. The author states: ...don't panic over the telnet word. The insecure telnet service isn't running on ... The major insecurities in telnet are still present using this method of generating passwords. Instead of a sniffer getting the actual password, they get a list of six. Note that this is only using the network version, not the client side system. On the other hand, wrapping the communication with the server in ssl sounds like a very good solution for user passwords. You could even use a website in perl over https. HmmmI know what I'll be doing for the next few hours. :) -- Benjamin Meade System Administrator LanWest Pty Ltd Ph: +61 (8) 9440 3033 Fax: +61 (8) 9440 3370 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]