Re: [Fed-Talk] Re: Please help (NISPOM Compliance)
Re: [Fed-Talk] Re: Please help (NISPOM Compliance)
- Subject: Re: [Fed-Talk] Re: Please help (NISPOM Compliance)
- From: Charles Heizer <email@hidden>
- Date: Thu, 04 Aug 2005 13:29:40 -0700
Debbie,
You can look in to using pwpolicy on those systems where the user accounts
are going to be local accounts.
- Charles
On 8/4/05 1:08 PM, "Debbie Tropiano" <email@hidden> wrote:
> Dan -
>
> On Thu, Aug 04, 2005 at 12:27:24PM -0700, Dan O'Donnell wrote:
>> Consider you may need to do some degree or implementation of the following.
>> (Devil is in the details too...)
>> ...
>
>> 3. Password complexity
>> This is controlled by a directory server. Your choice whether to use Active
>> Directory (Windows), LDAP (*nix) or Open Directory (OSX Server). Complexity
>> requirements are: a) expiration at 90 days, b) minimum of eight non-blank
>> characters, letters and numbers, c) special characters and upper and lower
>> case in the alpha characters, and d) lockout after specified number of
>> unsuccessful attempts to login.
>> (Bonus points if you figure out how to do c.) Check man pwpolicy for more
>> info on the built-in capabilities. (Be advised that being in the man pages
>> doesn't mean that it works without a server.)
>> ...
>
> Well, we've got (c) due to our custom authentication server, but it doesn't
> give us (d). For our other platforms (Windows, Solaris, Linux) we're getting
> (d) met with OS specific utilities (and a custom PAM modules for Solaris).
>
> So basically Max OSX fully depends on some sort of external authentication
> server to meet all of these requirements and has nothing inherent in the OS
> nor any add-on utilities to do this.
>
> That's what I needed to know and that basically means that the Macs can't
> be made NISPOM compliant in our lab since we don't plan to implement a Mac
> or Windows directory server just for this.
>
> Thanks so much for the info,
> Debbie
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden