Re: [Fed-Talk] Re: Local account password policies
Re: [Fed-Talk] Re: Local account password policies
- Subject: Re: [Fed-Talk] Re: Local account password policies
- From: Boyd Fletcher <email@hidden>
- Date: Mon, 20 Sep 2004 23:38:38 -0400
Though CACs are used in DOD, they are only lightly used for authenticating
usees to desktops and then only on the NIPRnet. CAC use is generally not
allowed on classified nets. So a strong password policy enforcement
mechanism is needed for both local and directory service accounts (including
admin and root users) for the foreseeable future (3-5 years). And just
because a site uses CACs for authentication, doesn't mean they don't use
passwords too - many sites use both.
boyd
On 9/20/04 9:10 PM, "Shawn Geddis" <email@hidden> wrote:
> On Sep 10, 2004, at 1:34 PM, Seyberth Allan R Contr AFRL/VSIO wrote:
>
>> Hey there,
>>
>> Is it possible to natively force all local passwords on 10.3 to be
>> strong - ie 9-14 characters with complexity and non-repeat options?
>
> Allan,
>
> As noted by others, Mac OS X v10.3.x does not provide Password Policy
> Enforcement on Local Accounts.
>
> Then again, you are part of Air Force which is part of DoD and
> everything is suppose to be using Smart Cards (CAC) right ?
>
> Is there a general rule where Passwords are still being used in place
> of Smart Cards or other hardware tokens ?
>
> -Shawn
> ___________________________________________
> Shawn Geddis T (703) 264-5103
> Security Consulting Engineer C (703) 623-9329
> US Federal Government email@hidden
>
> Apple Computer, Inc.
> 1892 Preston White Drive T (703) 264-5100
> Reston, VA 20191
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden