If this relates to Windows (SMB/CIFS) shares being flagged, then check
out the Samba Project documentation on how to institute various
password policies specifically for Samba. The Samba passwords are
stored separately from the Mac OS X password store. (At least this is
the way it was in Tiger, have not fully researched Leopard yet.)
-m
-----Original Message-----
From: fed-talk-bounces+mamoore=email@hidden
[mailto:fed-talk-bounces+mamoore=email@hidden] On Behalf
Of James Alcasid
Sent: Friday, November 16, 2007 12:30 PM
To: Blankenship, Bob J Mr CTR USA IMCOM; Apple Fed Talk
Subject: Re: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
By default their are no global policy defaults for passwords on MacOSX
Client and Server.
For what you are trying to accomplish check the man pages on pwpolicy.
What you are trying to accomplish might look something like this as an
example:
sudo pwpolicy - a the_dmin_username -setglobalpolicy "minChars=8
maxMinutesUntilChangePassword=129600"
I believe DoD specifies a min of 9 characters with two upper AND lower
case
alphas, two numerals and two special characters expiring every sixty
days.
It would be best to consult with your local ISO in regards to this.
Leopard ships with version 3.0.25b of Samba.
I would advise against using any kind of peer to peer file sharing if
you
have a server to exchange files to and from.
--
James Alcasid | VTI
Department of Veterans Affairs
email@hidden
From: "Blankenship, Bob J Mr CTR USA IMCOM"
<email@hidden>
Date: Fri, 16 Nov 2007 10:17:29 -0600
To: Apple Fed Talk <email@hidden>
Conversation: Macs getting Flagged (UNCLASSIFIED)
Subject: [Fed-Talk] Macs getting Flagged (UNCLASSIFIED)
Classification: UNCLASSIFIED
Caveats: NONE
The Macs in our building are getting flagged on a network scan
report.
The areas we are getting flagged are password length does not meet
minimum requirements of 8 characters and password age cannot be over
90
days. We can change our passwords and that may fix the 90-day problem
but my password is 11 characters long so it already meets the minimum
length requirement. Not sure why I am getting flagged on this one
unless
it because of the shared folders I have set up. Is there somewhere on
a
control panel to set the minimum password length?
The other area is "account lockout threshold" and the duration of how
many minutes before the account becomes unlocked and how many times a
user can attempt to log in before they are locked out. Anyone have
suggestions on how do we change this?
The last item is Multi heap buffer overflows. They say to fix this
problem by upgrading to Samba 3.0.25 or later. Anyone know if Leopard
has this version of Samba or later? Might be a way for me to get some
OS
upgrades.
We have Personal File Sharing, Windows Sharing, and Printer Sharing
turned on. I think the Windows Sharing uses Samba but not sure.
I wouldn't be surprised if somehow all this is not directly related
Samba and Windows Sharing.
Any suggestions will be appreciated.
Thanks
Bob Blankenship
Classification: UNCLASSIFIED
Caveats: NONE
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden