Re: [Fed-Talk] Re: Local account password policies
Re: [Fed-Talk] Re: Local account password policies
- Subject: Re: [Fed-Talk] Re: Local account password policies
- From: Steve Herman <email@hidden>
- Date: Tue, 21 Sep 2004 09:59:16 -0500
On Sep 21, 2004, at 9:45 AM, Michael Kluskens wrote:
On Sep 20, 2004, at 9:10 PM, Shawn Geddis wrote:
On Sep 10, 2004, at 1:34 PM, Seyberth Allan R Contr AFRL/VSIO wrote:
Is it possible to natively force all local passwords on 10.3 to be
strong - ie 9-14 characters with complexity and non-repeat options?
As noted by others, Mac OS X v10.3.x does not provide Password Policy
Enforcement on Local Accounts.
Then again, you are part of Air Force which is part of DoD and
everything is suppose to be using Smart Cards (CAC) right ?
Is there a general rule where Passwords are still being used in place
of Smart Cards or other hardware tokens ?
-Shawn
CAC's are only being used for Signing and encrypting email and
accessing private web sites. There is an additional requirement for
network logins to be PKI enabled (this is also something OS X 10.3
can't do). I haven't been able to find any requirement in the DOD or
DON directives for local desktop logins to be restricted to CAC cards
and certainly not at the site were I work. On top of that CAC cards
are not practical on small networks not connected to the DOD networks.
For logins into desktop machines we are required to change passwords
every 3 months and required to use passwords that contain upper &
lower case & numbers & symbols. Windows can enforce this requirement,
OS X 10.3 can not, that creates a problem.
Michael
As a contractor and supplier of desktop systems to NASA I'd just like
to add that we need the ability to provide these same capabilities
(password complexity and expiration rules) for our Macintosh customers.
Steve
--
Steve Herman
Macintosh Software Development and Support
Lockheed Martin Information Technology NASA/ODIN
102 Research Blvd, Building 2
Madison, AL 35758 (voice) 256 319-2869
mailto:email@hidden (fax) 256 319-2984
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden