Guidance using pam_passwdqc module and Army Regulation 25-2
Solar Designer
solar at openwall.com
Sat Aug 21 01:48:47 UTC 2004
On Fri, Aug 20, 2004 at 05:24:10PM +1200, William Brower wrote:
> This is re-opening an old thread (June 2004), but I now have
> clarification on the language within the US Army Regulation 25-2
> regarding required password strength.
I appreciate this, thanks.
> Given this requirement, would there be any consideration given by the
> pam_passwdqc maintainers to modify the tool to help us enforce AR25-2 ?
> Specifically, pam_passwdqc would have to be able to require N characters
> from a given character set, as opposed to 0 or 1 as it now does.
Yes, I'll consider this enhancement, although I find this requirement
of AR25-2 unreasonable. But no promises yet. I'd need to find some
"spare" time for this (unless your organization would be willing to
sponsor the next release of pam_passwdqc :-) ), I'd need to make a
determination of whether I do the minimum to satisfy the regulation or
whether I implement something more generic, and I'd need to come up
with a good name and syntax for the command-line option.
--
Alexander
More information about the Pam-list
mailing list