Due to the increasing number of attacks on our password file, we're
forced with having to turn on Enhanced Security. In reviewing the
documentation, a few questions arise:
1) When enhanced security is enabled, are all existing passwords
considered to be expired? If so, how can one _not_ expire all
passwords?
2) On the first login after a password has expired, does the user
have a chance to change the password? If they do, is it one time
only? Or can they just keep trying until they succesfully
change their password?
3) The password triviality checks will check against the "spell"
dictionary. Can anyone point me to an enhanced dictionary designed
to filter bad passwords?
4) And lastly, for my own comfort, is their anyone succesfully running
U of W's IMAP, Qualcomm's POP daemon, and WU FTP, under OSF 3.2C, NIS
and enhanced security?
Thanks in advance for any assistance.
- Saul
--
Saul Tannenbaum, Manager, Academic Systems | "It's still rocket
stannenb_at_emerald.tufts.edu | science" - Vint Cerf
Tufts University Computing and |
Communications Services |http://www.tufts.edu/~stannenb
Received on Tue Dec 26 1995 - 17:33:06 NZDT