Hi! This is the ezmlm program. I'm managing the bugtraq@securityfocus.com mailing list. I'm working for my owner, who can be reached at bugtraq-owner@securityfocus.com. Messages to you from the bugtraq mailing list seem to have been bouncing. I've attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the bugtraq mailing list, without further notice. I've kept a list of which messages from the bugtraq mailing list have bounced from your address. Copies of these messages may be in the archive. To retrieve a set of messages 123-145 (a maximum of 100 per request), send an empty message to: <bugtraq-get.123_145@securityfocus.com> To receive a subject and author list for the last 100 or so messages, send an empty message to: <bugtraq-index@securityfocus.com> Here are the message numbers: 6426 --- Enclosed is a copy of the bounce message I received. Return-Path: <> Received: (qmail 26483 invoked from network); 17 Sep 2002 15:48:23 -0000 Received: from unknown (HELO securityfocus.com) (205.206.231.9) by 205.206.231.19 with SMTP; 17 Sep 2002 15:48:23 -0000 Received: (qmail 6855 invoked by alias); 17 Sep 2002 13:19:40 -0000 Received: (qmail 5717 invoked from network); 17 Sep 2002 13:19:22 -0000 Received: from unknown (HELO outgoing.securityfocus.com) (205.206.231.26) by 205.206.231.9 with SMTP; 17 Sep 2002 13:19:22 -0000 Received: by outgoing.securityfocus.com (Postfix) id C336B9E944; Mon, 16 Sep 2002 13:06:04 -0600 (MDT) Date: Mon, 16 Sep 2002 13:06:04 -0600 (MDT) From: MAILER-DAEMON@outgoing.securityfocus.com (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: bugtraq-return-6426-list-bugtraq=spinics.net@securityfocus.com MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="583F78F2CC.1032202999/outgoing.securityfocus.com" Message-Id: <20020916190604.C336B9E944@outgoing.securityfocus.com> This is a MIME-encapsulated message. --583F78F2CC.1032202999/outgoing.securityfocus.com Content-Description: Notification Content-Type: text/plain This is the Postfix program at host outgoing.securityfocus.com. I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations. For further assistance, please send mail to <postmaster> If you do so, please include this problem report. You can delete your own text from the message returned below. The Postfix program <list-bugtraq@spinics.net>: Name service error for spinics.net: Host not found, try again --583F78F2CC.1032202999/outgoing.securityfocus.com Content-Description: Delivery error report Content-Type: message/delivery-status Reporting-MTA: dns; outgoing.securityfocus.com Arrival-Date: Fri, 13 Sep 2002 08:01:31 -0600 (MDT) Final-Recipient: rfc822; list-bugtraq@spinics.net Action: failed Status: 4.0.0 Diagnostic-Code: X-Postfix; Name service error for spinics.net: Host not found, try again --583F78F2CC.1032202999/outgoing.securityfocus.com Content-Description: Undelivered Message Content-Type: message/rfc822 Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19]) by outgoing.securityfocus.com (Postfix) with QMQP id 583F78F2CC; Fri, 13 Sep 2002 08:01:31 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 14773 invoked from network); 13 Sep 2002 00:56:11 -0000 Date: Fri, 13 Sep 2002 02:12:23 +0100 From: Nick Lamb <njl98r@ecs.soton.ac.uk> To: "Greg A. Woods" <woods@weird.com> Subject: Re: Password Security Policy Question Message-ID: <20020913021223.A25622@ecs.soton.ac.uk> Mail-Followup-To: "Greg A. Woods" <woods@weird.com>, bugtraq@securityfocus.com References: <Pine.LNX.4.21.0209101131110.4471-100000@dt26453.dstsystems.com> <Pine.LNX.4.44.0209102029360.1985-100000@dent.suse.de> <20020911010757.4B19FAC@proven.weird.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="7AUc2qLy4jB3hD7Z" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020911010757.4B19FAC@proven.weird.com>; from woods@weird.com on Tue, Sep 10, 2002 at 09:07:57PM -0400 --7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Sep 10, 2002 at 09:07:57PM -0400, Greg A. Woods wrote: > I'm still amazed that nothing has been done with my submitted patches > since, not in NetBSD nor in any of the other free unix systems so far as > I know. The default settings in modern Red Hat and Red Hat-like systems do use Cracklib to prevent users from choosing very low quality passwords. The autogenerated PAM configuration on my Red Hat 7.3 system says... password required /lib/security/pam_cracklib.so retry=3 Sure enough I can't change my password to 'guess' or 'password' or '01234567' using either the GUI or the passwd program. It's not as friendly as Mozilla's "password goodness meter" but it will suffice. Apparently there are moves afoot to replace or augment Cracklib with Solar Designer's pam_passwdqc in some future version of Red Hat Linux. Nick. --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9gTt2JL0BVnQb59gRAi0SAKCvBeKs3y+9dcd8AUm6tAi19WN6dQCgncku dm/+5A0Uue4UTo+c3NpSQWk= =xO64 -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z-- --583F78F2CC.1032202999/outgoing.securityfocus.com--