[Fedora-directory-users] enforce strong passwords
Nathan Kinder
nkinder at redhat.com
Thu Jan 19 22:35:21 UTC 2006
Jo De Troy wrote:
> Hi Nathan, Richard,
>
> I was thinking along the lines of pam_passwdqc, well part of it.
> The password should contain at least 3 different character categories.
> The categories being: lowercase, uppercase, special characters and numbers
Yes, I'm working on implementing this. The minimum number of categories
would be configurable by the administrator.
> Not specifically a minumum number of uppercase/lowercase/...
I'm making this configurable too. It'll be there, but you don't need to
use it.
> Off course there should be no user data in the password, it should not
> even contain the username as a substring. But I think that code is
> already in CVS. It's checking for cn, givenname, surname, ... attributes
We currently check is the password is equal to uid, cn, sn, givenname,
or ou. We do not check if it's a substring. I'm changing this behavior
to check if it's a substring.
> A dictionarry check would be nice but I would maybe make this optional.
> I guess that if we make the rules too stringent the enduser may complain
Default rules would be a minimum password length of 8 with a minimum of
3 character categories. It would also check the attribute values I
mentioned above if thos values are 3 or more characters in length (this
length would be configurable).
It sounds like this would meet your requirements.
-NGK
>
> Greetings,
> Jo
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
More information about the Fedora-directory-users
mailing list