Re: [Fed-Talk] Re: Please help (NISPOM Compliance)
- Subject: Re: [Fed-Talk] Re: Please help (NISPOM Compliance)
- From: Michael Pike <email@hidden>
- Date: Thu, 4 Aug 2005 16:55:21 -0600
I don't think it would be that difficult to whip up a program that
manipulates the passwords for OS X and put in the appropriate rules.
We had a situation in our agency where EVERY machine had to display a
banner about "no implied privacy on a government system". Of course,
the banner worked great off of a Windows machine, it was placed in
the login script.
Didn't work on Apple.... they threatened to take the Apples offline,
so I wrote a quick and dirty program that would read the banner from
the Windows server and pop it up after login on the Mac.
If the password issue is not too complex (and it sounds like it
isn't) I might be able to whip something up that is an application
that manipulates the password, and disable the "stock" password
utility in system preferences.
Before I take on such a task, is Apple developing anything to deal
with this? I don't want to see a site go without Apple for something
as minor as a password policy, but at the same time I don't want to
waste time writing it if someone else has done it.
Mike
Does OS X use /etc/passwd or /etc/passwd-
On Aug 4, 2005, at 2:29 PM, Charles Heizer wrote:
Debbie,
You can look into using pwpolicy on those systems where the user
accounts are going to be local accounts.
- Charles
On 8/4/05 1:08 PM, "Debbie Tropiano" <email@hidden> wrote:
Dan -
On Thu, Aug 04, 2005 at 12:27:24PM -0700, Dan O'Donnell wrote:
Consider you may need to do some degree or implementation of the
following. (Devil is in the details too...)
...
3. Password complexity
This is controlled by a directory server. Your choice whether to use
Active Directory (Windows), LDAP (*nix) or Open Directory (OSX Server).
Complexity requirements are: a) expiration at 90 days, b) minimum of
eight non-blank characters, letters and numbers, c) special characters
and upper and lower case in the alpha characters, and d) lockout after
specified number of unsuccessful attempts to login.
(Bonus points if you figure out how to do c.) Check man pwpolicy for
more info on the built-in capabilities. (Be advised that being in the
man pages doesn't mean that it works without a server.)
...
Well, we've got (c) due to our custom authentication server, but it
doesn't give us (d). For our other platforms (Windows, Solaris, Linux)
we're getting (d) met with OS specific utilities (and a custom PAM
modules for Solaris).
So basically Mac OSX fully depends on some sort of external
authentication server to meet all of these requirements and has nothing
inherent in the OS nor any add-on utilities to do this.
That's what I needed to know and that basically means that the Macs
can't be made NISPOM compliant in our lab since we don't plan to
implement a Mac or Windows directory server just for this.
Thanks so much for the info,
Debbie
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
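The four requirements quoted in this thread, (a) through (d), written out as a small policy check in Python. This is an added example, not code from any poster on the list; the lockout threshold of 3 and the reading of "non-blank" as "not whitespace" are assumptions, since the thread gives neither.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)   # (a) expiration at 90 days
MIN_LENGTH = 8                 # (b) minimum of eight non-blank characters
MAX_FAILED = 3                 # (d) assumed; the thread says only "specified number"


def complexity_violations(password):
    """Return the rules from (b) and (c) that the password breaks."""
    non_blank = [ch for ch in password if not ch.isspace()]
    checks = [
        (len(non_blank) >= MIN_LENGTH, "b: fewer than 8 non-blank characters"),
        (any(ch.isalpha() for ch in non_blank), "b: no letter"),
        (any(ch.isdigit() for ch in non_blank), "b: no number"),
        (any(not ch.isalnum() for ch in non_blank), "c: no special character"),
        (any(ch.isupper() for ch in non_blank), "c: no upper-case letter"),
        (any(ch.islower() for ch in non_blank), "c: no lower-case letter"),
    ]
    return [message for ok, message in checks if not ok]


@dataclass
class Account:
    password_set_at: datetime
    failed_attempts: int = 0
    locked: bool = False


def is_expired(account, now):
    """(a) True once the password is more than 90 days old."""
    return now - account.password_set_at > MAX_AGE


def record_login(account, success):
    """(d) Count consecutive failures and lock at MAX_FAILED.

    Returns True only when the login is allowed.
    """
    if account.locked:
        return False  # a correct password does not unlock a locked account
    if success:
        account.failed_attempts = 0
        return True
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_FAILED:
        account.locked = True
    return False
```
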