Re: Re: enforce strong passwords

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Howard Chu wrote:


Message: 5 Date: Thu, 19 Jan 2006 14:25:16 -0700 From: Richard Megginson <rmeggins@xxxxxxxxxx> Jo De Troy wrote: > Hello,

>
> I was wondering if anyone was looking into enforcement of strong > passwords. > I'm not a hardcore C programmer but I'm willing to help. But first > I'll have to try in getting the current version compiled.
> I'm certainly willing to do some testing.


Funny you should mention that. We're looking at that issue right now. What sort of things would you want to check for?
min number of lower case
min number of upper case
min number of digits
min number of alphanumerics
min number of special chars
no user data in password
dictionary checking?  If so, how?  /usr/share/dict/words?


For OpenLDAP's password policy module we define an attribute in the policy object that gives the pathname of a dynamically loaded module that can perform further quality checks. We pass in the password that is being set, an error string pointer, and the user's current entry and get a yes/no result code back. I suggest a similar approach here; it's too limiting to just hardcode one set of rules into the server. (Heck, if we used SLAPI, we could write these modules interchangeably between OpenLDAP and FDS.) Symas currently has a module that checks against cracklib. You could bundle one or two standard modules and go from there. Probably we should have extended our API to include a pointer to the current policy object as well. The point is to make the API simple enough and expressive enough that end-users can plug in whatever constraints they want.

Yes. That's the intention - make password policy pluggable. It's going to be a bit more work to add the entry points to the code. We should support the attribute that you described.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux