Re: [Fed-Talk] Re: Local account password policies
Re: [Fed-Talk] Re: Local account password policies
- Subject: Re: [Fed-Talk] Re: Local account password policies
- From: Joshua Krage <email@hidden>
- Date: Tue, 21 Sep 2004 15:16:58 -0400
- Mail-followup-to: email@hidden
On Tue, Sep 21, 2004 at 02:33:03PM -0400, Michael Kluskens wrote:
> they are now MD5 hashes instead of the old Unix hashes.
> The 8 character limitation for passwords died with 10.2.x
But only for accounts that have changed the password since the upgrade.
If you upgrade, but do not change the password (bad practice but happens),
then the password is still in legacy crypt() mode, and the 8-character
truncation issue will appear.
And without the abilty to force password expiration, this can remain an
issue today.
Add another voice to the clamor for effective password enforcement routines
(complexity, age, force-reset, etc.). All of Apple's enterprise competitors
can do it today. PAM modules for this exist on other OSs.
--
------------------------------------------------------------------------
F. Joshua Krage, CISSP email@hidden
Code 297, Enterprise IT Security NASA Goddard Space Flight Center
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden