[Fed-Talk] Re: How to use pwpolicy for setting local password policies?
[Fed-Talk] Re: How to use pwpolicy for setting local password policies?
- Subject: [Fed-Talk] Re: How to use pwpolicy for setting local password policies?
- From: Shawn Geddis <email@hidden>
- Date: Fri, 17 Jun 2005 11:00:55 -0400
On Jun 16, 2005, at 3:26 PM, Mark Moorcroft wrote:
I don't mean to be the voice of doom here but has Apple actually
said they even support pwpolicy on client? The last I heard they
were claiming that it's only "officially" supported when server is
involved. Of course this is a totally unacceptable answer but
that's what they were saying. This was in the Panther time frame if
I recall of course.
To try and quickly address Mark's comments here....
pwpolicy was added to the client side in support of the requirements
for Common Criteria Certification. Apple provides the required
functionality and documentation in the CC Admin Guide to perform
those modifications necessary for the CAPP/EAL3 Certification.
Limited pwpolicy IS available and IS _Officially_ supported to that
degree. Any additional functionality or options would be beyond
those requirements and work done to date. The man pages were brought
over from the Server implementation and hence the 'man page'
reference to server mentioned earlier.
There are far better and readily available mechanisms than Complex
Password Polices on locally managed accounts. Smart Card Services
and the use of a Smart Card for Cryptographic login is one to consider.
I am personally severely backlogged on my responses to Fed-Talk
messages related to security, so if you have not gotten a response,
please be patient and/or resend your question/request for info again
to the list and/or directly to me.
-Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Computer - US Federal Government
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden