Hi,
My original question:
> Can anyone tell me if it's possible to prevent
> users using repeat characters in passwords on DIGITAL
> UNIX, i.e. to prevent passwords of the form MMMMmmmm,
> or any password containing the same character more
> than once.
>
> I've searched through the relevant man pages and the
> (C2) Security manual without finding anything. I've
> also searched through the archives of this list, so I
> really would appreciate some help from some of you
> wizards out there.
>
Many thanks to the contributors, Alan Davis and Jane Kramer.
>From what I can gather, the short answer (i.e within C2 Security functionality) to my posting is NO.
As the contributors point out, there are other ways and means of attempting to securely restrict password usage.
Unfortunately I don't have a copy of the article referred to by Alan to comment on its usefulness.
Regards,
Declan Lennon
Date: Fri, 11 Sep 1998 13:07:07 -0400
From: Jane Kramer <Jane.Kramer_at_oberlin.edu>
Subject: Re: Preventing repeat characters in passwords
Organization: Oberlin College
To: Declan Lennon <declan.lennon_at_mailexcite.com>
Declan Lennon wrote:
> Hello Gurus,
>
> Can anyone tell me if it's possible to prevent users using repeat
characters in passwords on DIGITAL UNIX, i.e. to prevent passwords
of the form MMMMmmmm, or any password containing the same character more than once.
>
> I've searched through the relevant man pages and the (C2) Security
manual without finding anything. I've also searched through the archives
of this list, so I really would appreciate some help from some of you wizards out there.
>
I'm using a modified version of the Perl password changing program
in O'Reilly's "Programming Perl" book. I was disappointed that DEC's
Enhanced Security permits passwords containing information from the GEOCS field (your name,
for instance), in addition to passwords like you mentioned.
Jane Kramer
--
====================================================================
Jane Kramer
Computer Systems Manager, Oberlin College
Jane.Kramer_at_oberlin.edu
440-775-6929
====================================================================
Date: Fri, 11 Sep 1998 13:37:42 -0400
From: Alan Davis <Alan.Davis_at_digital.com>
Subject: RE: Preventing repeat characters in passwords
To: Declan Lennon <declan.lennon_at_mailexcite.com>
Declan,
The C2 passwd triviality checks may be configured
to force certain tests. See the acceptable_password
man page.
There is an article in SysAdmin magazine Aug 1998
issue called "Securing UNIX Passwords" that details
a more rigorous passwd authentication system.
Alan Davis
Compaq Services
Free web-based email, Forever, From anywhere!
http://www.mailexcite.com
Received on Mon Sep 14 1998 - 17:52:25 NZST