[techtalk] password policy?

Nicole Zimmerman colby at wsu.edu
Tue Jun 19 10:54:36 EST 2001


Thanks Caity :o) 

<snip intro>

> chage -M 90 -W 10 <username>
> 
> will set the account of username to expire every 90 days and issue a
> warning that the password is going to expire 10 days in advance.  This
> command actually edits the /etc/shadow file to produce the desired results.

Will I have to do this for every username? Yes I can write a script (which
I have done a lot of lately), but if there is an easy way to do it
automatically that would be nice :o)

<snip the pam_cracklib stuff>

Good that I can use one tool to do it all, or at least most of it.  I
couldn't find the password policy explicit on our local win2k domain
controller, I think it is inherited from the peer-ish domain controller or
I would be able to get exact details on what the policy is beyond what is
in our written policy (win2k just says "meets complexity requirements" and
I couldn't navigate through the help for the life of me).

I'll have to dig up more on cracklib for appropriate use to meet/exceed
the windows policy. 

thanks again,
-nicole





More information about the Techtalk mailing list