[SunHELP] User Level Security
DAUBIGNE Sebastien - BOR
sunhelp at sunhelp.org
Tue Nov 27 10:01:37 CST 2001
For c) and d) Solaris password aging can do that.
Have a look at the shadow(4) manpage for details.
For 2, 3, a, b and e, Solaris (at least 2.6) has no standard tools for
password rules (as far as I know).
Maybe you could install "Anlpasswd" which offers a replacement for
/bin/passwd and /bin/yppasswd.
It's written in Perl, and enforces many password security rules ("crack"
dictionary, etc.).
Here follows an announcement for Anlpasswd:
----
Announcing "ANLpasswd" (formally perl-passwd2).
While other programs check for bad passwords after the fact, it is
important to have good passwords at all times, not just after the
latest Crack run. To this end we have modified Larry Wall's Perl
password program and added;
"ypsmarts", so that it does the intelligent thing in an NIS
environment,
it allows for gecos changes, and also
checks a sorted list of all the "bad passwords".
The list of bad passwords are ALL the words that Crack will generate,
given all the dictionaries that we could get our hands on (107 MB of
unique words, so far). The combination of improvements has turned
publicly available code into a powerful tool that can aid sites in the
maintenance of local security.
We have presented this code at SURF 92 and SUG 92. It has also been
referenced in _Unix Review_.
We have been using it for a year now and haven't had any major
problems. I know that a couple other sites are also using it. It
currently runs on: Sun, IBM, NeXT, SGI, Intel iPSC860, Alliant,
Encore, BBN TC200, Solbourne, Sequent.
Also if you enter a reasonable email address to our not-so-anonymous
ftp server, we will notify you of any updates.
It can be anonymous ftp'd from:
info.mcs.anl.gov
You'll find the whole package in:
/pub/systems/anlpasswd-2.2.tar.Z
If you find it useful, please let us know. Also please let us know of
any improvements you may add.
--Mark
Mark Henderson Building 203 Room C-250
Manager, Advanced Computing 9700 South Cass Avenue
Argonne National Laboratory Argonne, Illinois 60439
Support at mcs.anl.gov
---
Sebastien DAUBIGNE
sebastien.daubigne at sema.fr - (+33) (0)5.57.26.56.36
Sema Global Services - AFM/DW/Pessac
-----Original Message-----
From: vijayan gangadharan [SMTP:vijayan_g_2000 at yahoo.com]
Date: Tuesday, 27 November 2001 14:45
To: sunhelp at sunhelp.org
Subject: [SunHELP] User Level Security
Hi,
We would like to implement few basic user level
security based upon the passwords.
We want to know that, whether it is possible to
implement an additional security with respect to User
access to the system other than traditional level of
security at user level - which checks basic login
identification, authentication(password checking) and
file permission's.
Is it possible to implement the following :
1. Lock the login/user after n successful tries for
password
2. User cannot use same password for next n changes
3. Specific user defined words cannot accept as
password (ex: abc123, xyz456 etc)
apart from the normal requirement :
a) Minimum Password length
b) Maximum Password length
c) Time duration before a password can be used again
d) System should prompt the user to change his OS
password after x number
of days, after x number days user not changed his
password system should
expiry the password.
e) Null passwords cannot be accepted
If the users account gets locked/forgets his password
(normal user not the root or the admin ), is there any
way we unlock the account without directly accessing
the password or shadow file
Thanks & regards,
Vijayan.G
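
The reply above points to the aging fields described in shadow(4) for items c) and d). As an added illustration (not part of the original thread and not code from ANLpasswd), this Python sketch reads shadow-format entries and reports which aging conditions apply on a given date. The function names, the sample entries and the exact expiry boundary (expired once more than max days have passed) are assumptions made for the example.

```python
from datetime import date

EPOCH = date(1970, 1, 1)  # shadow(4) counts lastchg in days since this date

# Constructed sample entries (not from the thread); fields per shadow(4):
# username:password:lastchg:min:max:warn:inactive:expire:flag
SAMPLE_SHADOW = """\
alice:CONSTRUCTEDHASH:11650:7:90:14:::
bob:CONSTRUCTEDHASH:11570:7:90:14:::
carol:CONSTRUCTEDHASH:11500:7:90:14:::
dave::::::::
"""

def _num(field):
    """Return an aging field as int, or None when it is empty (not set)."""
    return int(field) if field.strip() else None

def aging_status(line, today):
    """Evaluate one shadow entry's aging fields as of `today` (a date)."""
    f = line.rstrip("\n").split(":")
    f += [""] * (9 - len(f))                 # tolerate short lines
    lastchg, minimum, maximum, warn = (_num(x) for x in f[2:6])
    st = {"user": f[0], "null_password": f[1] == "", "can_change": True,
          "warn": False, "must_change": False, "days_left": None}
    if lastchg is None:
        return st                            # no aging data recorded
    now = (today - EPOCH).days
    if minimum is not None and now - lastchg < minimum:
        st["can_change"] = False             # min age not yet reached
    if maximum is not None and maximum >= 0: # assumption: negative max = aging off
        left = lastchg + maximum - now
        st["days_left"] = left
        st["must_change"] = left < 0         # item d): password has expired
        st["warn"] = warn is not None and 0 <= left <= warn
    return st

def audit(text, today):
    """Run aging_status over every non-empty line of a shadow-format text."""
    return [aging_status(l, today) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for row in audit(SAMPLE_SHADOW, date(2001, 11, 27)):
        print(row)
```

The `null_password` flag also surfaces accounts with an empty password field, which is the condition item e) asks to reject.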