password againg and other policy enforcement

Patrick Dung patrick_dkt at yahoo.com.hk
Sat Jun 30 18:56:55 UTC 2007


Thanks for reply.

pam_passwdqc has feature to enforce min password length, and the
combination. Also it can check the similarity with the current and new
password.

But tools to check when users password will expire is missing.
Also it cannot keep password history (password that the user had used).
The user can use password A, then user change to password B and then
change back to password A...

Regards
Patrick

--- Manolis Kiagias <sonicy at otenet.gr> wrote:

> Patrick Dung wrote:
> > I have some question about password policy in FreeBSD:
> >
> > 1. Administrator can enforce password expire in /etc/login.conf
> > Is there any tool that can check when the password will expire for
> the
> > users?
> >
> > 2. Any good way to enforce minimum password length and other
> > restriction(like password need at least 2 numbers, 2 special char)?
> >
> > 3. Any ways to prevent user reuse old password?
> >
> > Regards
> > Patrick
> >   
> These options have been moved to PAM (Pluggable Authentication
> Modules).
> Have a look at /etc/pam.d
> You will find a file called passwd
> Edit it and uncomment the line:
> 
> password        requisite       pam_passwdqc.so        ....
> 
> Change the options you require per the manual page
> 
> (man 8 pam_passwdqc)
> 
> A lot of restrictions can be placed on the password (history,
> complexity, number of chars / symbols and so on).
> 
> Manolis
> 
> 



       
____________________________________________________________________________________Ready for the edge of your seat? 
Check out tonight's top picks on Yahoo! TV. 
http://tv.yahoo.com/


More information about the freebsd-questions mailing list