[SunHELP] root passwd expired

Sheldon T. Hall shel at tandem.artell.net
Wed Nov 30 16:16:16 CST 2005


Quoth stephen price ...
[I said ...]
> > Lemme ask that another way ... Why have root's
> > password expire at all?  What
> > benefit do you get from root password expiration?
> >
>
> Answer - compliance with a whole list of federal
> government, military, financial or general industry
> "must-comply" regulations, standards, procedures and
> documents, depending upon your industry and product.
>
> Here's a few examples of regulations/standards I run
> into that compliance auditors will reference that
> require root password expiration::
>
> 1) sarbanes-oxley (sox)
> 2) gramm-leach-bliley act (glba)
> 3) national industrial security program operating
> manual (nispom)
> 4) health insurance portability and accountability
> (hipaa)
> 5) federal financial institutions examination council
> (ffiec)

Just gag me with a spoon full of porkbarrel with ridiculous-intrusion sauce.

I have some passing acquaintance with HIPAA, but of the others I'm
blissfully ignorant.  In all cases, though, it would seem wiser to specify
the result of security measures, rather than having committees of
non-technical people dictate the measures themselves.  I can't imagine that
the scheduled changing of a password makes it any more secure that a
well-chosen password that's properly guarded and changed when conditions
require.

Auditor:	"What's the root password?"
Me:		"Damfino"
Auditor:	"How do you log in, then?"

-Shel

PS:  I hear that passwords with lots of embedded backspaces are more secure
than those without.



More information about the SunHELP mailing list