On Thu, 8 May 1997, robertp @
hal-pc .
org wrote:
> The Sun's and Solaris workstations contain extremely sensitive
> information that we have protected Password protected. I'm trying to
> locate some type of an application that I can put on BOTH types of
> workstations to alert me when passwords are 30 days old and also
> send a message to the user that their password is about to expire.
> The only thing I'm aware of is NIS Plus that I can use on Solaris
> however, it will not work with the Sun's.
>
>From what i've seen running some form of password expiring only tends
to cause people to pick insecure passwords, especially if you force them
to change passwords too often. A better thing to do is to run crack
on your passwords on a regular basis, lock the accounts of those
who get their account cracked.
Install something like passwd+ that makes sure you can't pick a poor
password. Also make a script that checks the password field once a
month that sees if the password has been changed lately or not.
References:
|
|
