Professional Web Applications Themes

Enforcing password policy on Solaris 8/9 - Linux / Unix Administration

Hi, We're looking at the possibilities to implement our "Authentication and Password Policy" on Solaris systems. We have mainly Solaris 8 systems much more than Solaris 9 systems. My question is if it is possible to implement such policy stated below: -- Passwords that validate a candidate username's access to <ourCompany> systems shall be at a minimum six characters in length for functional users, 8 characters for administrators. Passwords shall include at least two alphabetic, one numeric or special character (e.g., an asterisk or a dash), and may contain at least one upper case and one lower case character. Systems ...

  1. #1

    Default Enforcing password policy on Solaris 8/9

    Hi,

    We're looking at the possibilities to implement our "Authentication and
    Password Policy" on Solaris systems. We have mainly Solaris 8 systems
    much more than Solaris 9 systems.

    My question is if it is possible to implement such policy stated below:

    --
    Passwords that validate a candidate username's access to <ourCompany>
    systems shall be at a minimum six characters in length for functional
    users, 8 characters for administrators. Passwords shall include at
    least two alphabetic, one numeric or special character (e.g., an
    asterisk or a dash), and may contain at least one upper case and one
    lower case character. Systems shall prohibit the use of simpler
    passwords.
    --

    I wonder if anyone has experience with this kind of implementation on
    Solaris 8/9 systems. If yes, would you recommend local solution (via
    PAM modules) or
    Identity Management (i.e. LDAP autentication) usage?

    Thanks in advance,

    -Bora

    BoraBaysal Guest

  2. #2

    Default Re: Enforcing password policy on Solaris 8/9

    Bora,

    Take a look at npasswd:
    http://www.cert.org/security-improvement/implementations/i028.05.html

    HTH

    gmburns@gmail.com Guest

  3. #3

    Default Re: Enforcing password policy on Solaris 8/9

    In article <googlegroups.com>,
    "com" <com> wrote:
     

    Does this work with SSH? I'd heard not.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...



    Michael Guest

  4. #4

    Default Re: Enforcing password policy on Solaris 8/9

    Yes I've heard npasswd but couldn't see SSH in the docs. I believe it's
    not supported.

    -Bora

    BoraBaysal Guest

  5. #5

    Default Re: Enforcing password policy on Solaris 8/9

    In article <googlegroups.com>,
    BoraBaysal <com> wrote:
    | Yes I've heard npasswd but couldn't see SSH in the docs. I believe it's
    | not supported.
    |
    | -Bora

    All npasswd does is check the quality of passwords for you when your
    users change their passwords. This checking can certainly work in the
    context of SSH use.

    The real question is, 'where are your passwords stored'? npasswd
    comes with support for /etc/passwd, /etc/shadow, and NIS use, as I
    understand it. It does not support NIS+, and it won't support LDAP
    out-of-the-box.

    On the other hand, npasswd does come with the support necessary to use
    it as a library. We have incorporated npasswd password checking into
    our network information management system here
    (http://www.arlut.utexas.edu/gash2/), and it does very well for us in
    checking password quality, tracking attempts at password re-use, etc.

    We depend on our Ganymede software to get the passwords where we need
    them to go (NIS, Active Directory, RADIUS, tacacs+, etc.),
    however.. npasswd doesn't do any of that.

    Jon

    --
    -------------------------------------------------------------------------------
    Jonathan Abbey utexas.edu
    Applied Research Laboratories The University of Texas at Austin
    GPG Key: 71767586 at keyserver pgp.mit.edu, http://www.ganymeta.org/workkey.gpg
    Jonathan Guest

  6. #6

    Default Re: Enforcing password policy on Solaris 8/9

    Thanks for the reply.

    All we need to check is password quality checking on UNIX systems
    (mainly Solaris 8/9 boxes and some Tru64 & HP-UX boxes) for now.

    We also have a Novell's IDM (Identity Mgmt) project in progress in
    order to manage all identities enterprise-wide. It's a long process and
    before integrating UNIX identities into IDM, we're trying to find a
    quick way to implement just password quality checking on UNIX boxes
    which would conform the policy IS department wants from us.

    I believe npasswd would do the job.

    -Bora

    BoraBaysal Guest

  7. Moderated Post

    Default Re: Enforcing password policy on Solaris 8/9

    Removed by Administrator
    Jonathan Guest
    Moderated Post

Similar Threads

  1. AD password policy in Forms auth against AD
    By Nils Magnus Englund in forum ASP.NET Security
    Replies: 3
    Last Post: December 18th, 05:40 PM
  2. Password policy issue
    By Scott in forum Windows Server
    Replies: 2
    Last Post: August 10th, 05:39 PM
  3. password policy un-editable
    By John in forum Windows Server
    Replies: 5
    Last Post: August 6th, 12:53 AM
  4. Cannot edit Password Policy even Administrator
    By disk0nek in forum Windows Server
    Replies: 2
    Last Post: August 3rd, 10:02 AM
  5. Replies: 2
    Last Post: July 4th, 06:25 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139