[Samba] Forcing Users to change passwords.

Peter Ulrich Kruppa kruppa at pukruppa.net
Fri Dec 12 16:34:15 GMT 2003 

On Fri, 12 Dec 2003, Todd O'Bryan wrote:

> Does anyone know of an add-on you can use with a Windows domain to
> check the security of the password before it allows a change? With a
> terminal server system I had, the server complained if the password was
> too close to a dictionary word, too close to the student login, 7
> digits (i.e., looked like a phone number), etc.
>
> I'm sure my students (I teach high school, too) have picked really bad
> passwords, too, but I have no good way to enforce the picking of good
> ones.
I wouldn't worry about that: My students either forget their
passwords automatically after 90 days or they tell them their 15
best friends.
The only real security problem are my colleagues: they write them
on the cover of their calendars.
Better watch out which permissions you give to whom.

Regards,

Uli.


>
> Todd
>
> On Dec 12, 2003, at 3:30 AM, Ross McInnes (Systems) wrote:
>
> > i totally agree. unfortunatly my user base is mostly 16-18 year olds.
> > getting them to put anything other than thier football team, phone
> > number
> > or boyfriend/girlfriend's name is quite a task in it self.
> >
> > Many Thanks
> >
> > Ross McInnes
> >
> > On Wed, 10 Dec 2003, Todd O'Bryan wrote:
> >
> >> What's the latest research on this? I heard it's better to make users
> >> pick something secure and stick with it, because if you force people
> >> to
> >> change, they're likely to pick less secure passwords and do stupid
> >> things with them, like write them down or something. Changing every 3
> >> months doesn't seem terrible, but it's still a big pain.
> >>
> >> Todd O'Bryan
> >> On Dec 10, 2003, at 8:28 AM, Ross McInnes (Systems) wrote:
> >>
> >>> Recently we were audited and as part of that they looked at our
> >>> systems
> >>> and policies etc and produced a report.
> >>>
> >>> As part of that report they mentioned about forcing users to change
> >>> thier
> >>> passwords every 90 days or so.
> >>>
> >>> They also mentioned about disabling accounts after 3 login attempts.
> >>>
> >>> Im pretty sure both can be done on NT, but id rather stick with rh
> >>> and
> >>> samba thanks ever so much.
> >>>
> >>> Can samba does these things? even if its a tinkering kind of job?
> >>>
> >>> Many thanks
> >>>
> >>> Ross McInnes
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  http://lists.samba.org/mailman/listinfo/samba
> >>
> >>
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

		+-------------------------+
		|   Peter Ulrich Kruppa   |
		|      - Wuppertal -      |
		|         Germany         |
		+-------------------------+

More information about the samba mailing list