From: Greg Shenaut (greg_at_bogslab.ucdavis.edu)
Date: Tue Nov 19 2002 - 13:55:08 CST

    In message <AFB399ACC132D511A0F700508B6FC8D201579702mail.bankofamerica.com>, "Robinson, Rick" cleopede:
    >Can anyone suggest what the best way to enforce strong passwords on a
    >FreeBSD system is? We would like to add the functionality to our system to
    >require users to have at least one alpha character and one numeric character
    >in their passwords. And if possible also require them to use special
    >characters in their passwords. I know we can try password cracking as a way
    >to ensure strong passwords, but I think we want to go with a more proactive
    >approach.
    >
    >I looked at the login.conf man page, but it looks like the only option
    >available is to require mixed case passwords. I also looked briefly at
    >Npasswd+, but had trouble getting that to compile on FreeBSD. Any
    >suggestions you might have would be greatly appreciated.

    I think the most straightforward way would be to hack your copy of
    /usr/src/usr.bin/passwd/local_passwd.c to enforce whatever you
    want. If you go in there, you will probably also notice that the
    "requirements" of minimum length and not-all-lower-case can be
    overridden by persistent users--this "kindness" you could, of
    course, get rid of as well.

    Actually, I suppose someone could add a new login-conf flag called
    "nopasswordmercy" or something that enforced minpasswordlen and
    mixpasswordcase much more strictly than presently--maybe others
    would find this useful???

    Greg Shenaut
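
A sketch of the kind of composition check a locally modified passwd could call, added here as an example; it is not FreeBSD's code and not part of the original message. The function name, the failure bits, the `mixcase` parameter and the reading of "special character" as `ispunct()` are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Failure bits returned by pw_policy_check(); 0 means the password passes. */
#define PW_TOO_SHORT  0x01
#define PW_NO_ALPHA   0x02
#define PW_NO_DIGIT   0x04
#define PW_NO_SPECIAL 0x08
#define PW_ALL_LOWER  0x10	/* letters present, none upper case */

/*
 * Hypothetical helper (not FreeBSD code). There is deliberately no
 * "tries" argument: the caller rejects on any non-zero result however
 * often the user retries, which removes the override described above.
 */
unsigned
pw_policy_check(const char *pw, size_t minlen, int mixcase)
{
	const unsigned char *p;
	size_t len = 0;
	int alpha = 0, upper = 0, digit = 0, special = 0;
	unsigned fail = 0;

	if (pw == NULL)
		return (PW_TOO_SHORT | PW_NO_ALPHA | PW_NO_DIGIT | PW_NO_SPECIAL);
	for (p = (const unsigned char *)pw; *p != '\0'; p++, len++) {
		if (isalpha(*p)) {
			alpha = 1;
			upper |= isupper(*p) != 0;
		} else if (isdigit(*p))
			digit = 1;
		else if (ispunct(*p))	/* assumption: "special" == punctuation */
			special = 1;
	}
	if (len < minlen)   fail |= PW_TOO_SHORT;
	if (!alpha)         fail |= PW_NO_ALPHA;
	if (!digit)         fail |= PW_NO_DIGIT;
	if (!special)       fail |= PW_NO_SPECIAL;
	if (mixcase && alpha && !upper) fail |= PW_ALL_LOWER;
	return (fail);
}

int
main(void)
{
	/* Constructed sample candidates, minimum length 8, mixed case required. */
	const char *samples[] = { "abc", "password1", "12345678!", "Tr1cky!pass" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-12s -> 0x%02x\n", samples[i], pw_policy_check(samples[i], 8, 1));
	return (0);
}
```

Returning a bitmask lets the caller print one message per unmet rule before prompting again.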
