[Samba] weak passwords

Sven Schwedas sven.schwedas at tao.at
Tue Oct 6 15:46:48 UTC 2015


On 2015-10-06 15:03, mourik jan c heupink wrote:
> But the issue is: we have many users that do not login locally using
> windows-workstations, but instead use various kinds of remote access,
> like web interfaces, email, vpn, etc, etc.

Food for thought: Can you plug a password checker into one of those?
That way, it'll be non-intrusively checked whenever users log in somewhere.

pam_cracklib sadly seems to be a bit limited (asks for password twice,
which will break a lot of use cases), but something like that would
work: Before comparing the password hashes, feed the plaintext password
to cracklib or similar and log its output (preferably without the plain
text password…) somewhere.

> 
> I am not sure what would happen with those services, if I would set
> accounts to 'change password on next logon'...
> 
> I know this would work in the case of 'regular' 'interactive logons' as
> I think samba logs call them..
> 
> MJ
> 
> On 6-10-2015 14:47, Rowland Penny wrote:
>> On 06/10/15 13:32, mourik jan c heupink wrote:
>>> Hi,
>>>
>>> Is it possible to test our AD for weak passwords?
>>>
>>> We have set max password age, and password complexity etc. However, we
>>> would like to know that the passwords that are CURRENTLY still in the
>>> system are good or weak.
>>>
>>> Perhaps some kind of tool to test dictionary passwords etc, but
>>> preferably locally on the /var/lib/samba databases to not lock out the
>>> accounts due to too many failed passwords.
>>>
>>> Suggestions?
>>>
>>
>> Why test, just make everybody change their password at next login, this
>> way they will be complex passwords. :-)
>>
>> Rowland
>>
>>
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
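
The login-time check described in the message above, as an added example that is not part of the original post: a small built-in rule set stands in for cracklib, and `WEAK_WORDS`, `weakness`, `hash_password` and `audit_login` are hypothetical names. This variant scores the password only after the hash comparison succeeds, so mistyped guesses are not audited, and it logs the username and reason, never the plaintext.

```python
import hashlib, hmac, logging

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("pw_audit")

# Constructed sample wordlist; a real deployment would ask cracklib or similar.
WEAK_WORDS = {"password", "welcome", "letmein", "qwerty", "samba"}

def weakness(username, password):
    """Return a short reason if the password looks weak, else None."""
    lowered = password.lower()
    if len(password) < 10:
        return "too short"
    if username.lower() in lowered:
        return "contains username"
    # Catch "Welcome2015!"-style passwords: dictionary word plus digits/punctuation.
    if lowered.strip("0123456789!?.") in WEAK_WORDS:
        return "dictionary word with digits/punctuation"
    if len(set(password)) < 5:
        return "too few distinct characters"
    return None

def hash_password(password, salt):
    # Stand-in for whatever hash the service already stores (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def audit_login(username, password, store):
    """Return (authenticated, reason); log user and reason, never the password."""
    record = store.get(username)
    if record is None:
        return False, None
    salt, stored = record
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return False, None  # wrong guesses are not the user's password: skip audit
    reason = weakness(username, password)
    if reason:
        log.warning("weak password user=%s reason=%s", username, reason)
    return True, reason

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample data
    store = {"mj": (salt, hash_password("Welcome2015!", salt))}
    print(audit_login("mj", "Welcome2015!", store))
```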
