[Fed-Talk] Re: Please help (NISPOM Compliance)
[Fed-Talk] Re: Please help (NISPOM Compliance)
- Subject: [Fed-Talk] Re: Please help (NISPOM Compliance)
- From: Debbie Tropiano <email@hidden>
- Date: Thu, 4 Aug 2005 15:08:25 -0500
Dan -
On Thu, Aug 04, 2005 at 12:27:24PM -0700, Dan O'Donnell wrote:
> Consider you may need to do some degree or implementation of the following.
> (Devil is in the details too...)
>...
> 3. Password complexity
> This is controlled by a directory server. Your choice whether to use Active
> Directory (Windows), LDAP (*nix) or Open Directory (OSX Server). Complexity
> requirements are: a) expiration at 90 days, b) minimum of eight non-blank
> characters, letters and numbers, c) special characters and upper and lower
> case in the alpha characters, and d) lockout after specified number of
> unsuccessful attempts to login.
> (Bonus points if you figure out how to do c.) Check man pwpolicy for more
> info on the built-in capabilities. (Be advised that being in the man pages
> doesn't mean that it works without a server.)
>...
Well, we've got (c) due to our custom authentication server, but it doesn't
give us (d). For our other platforms (Windows, Solaris, Linux) we're getting
(d) met with OS specific utilities (and a custom PAM modules for Solaris).
So basically Max OSX fully depends on some sort of external authentication
server to meet all of these requirements and has nothing inherent in the OS
nor any add-on utilities to do this.
That's what I needed to know and that basically means that the Macs can't
be made NISPOM compliant in our lab since we don't plan to implement a Mac
or Windows directory server just for this.
Thanks so much for the info,
Debbie
--
| Debbie Tropiano | email@hidden |
| Environmental Sciences Laboratory | +1 512 835 3367 w |
| Applied Research Laboratories of UT Austin | +1 512 835 3544 fax |
| P.O. Box 8029, Austin, TX 78713-8029 | home email: email@hidden |
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden