
nis & weak passwords



Hello,

apparently yppasswd in the nis package wasn't compiled with

-DUSE_OBVIOUS

to check for weak passwords. I found out that more than 20% of the user
passwords in a Debian net I was managing were _very_ weak (e.g. login name). Not
a very comfortable figure (even if one's using shadow passwords).

I was inclined to install npasswd (or even a modified yppasswd) in
/usr/local/bin. However, the server, yppasswdd, doesn't require that its
clients talk to it from privileged ports (so yppasswd doesn't need to be suid
root and I can't enforce my password policy).

I think it would be nice if Debian addressed this (potential) security problem
in an out-of-the-box configuration... IMHO, it already beats all commercial
Unixes I know.

Thanks,

--
Adriano
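
The message's point is that a check in a replacement client can be skipped, so a policy only holds if the server applies it before storing the new password. The following is an added example of such a server-side check, not part of the original message and not the nis package's USE_OBVIOUS code; the function name, the rules and the minimum length are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_PASSWORD_LEN 6 /* assumed policy value, not from the nis package */

/* Case-insensitive compare of the first n bytes of a and b. */
static int ci_equal_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical server-side hook: returns NULL if the new password may be
 * stored, otherwise a short reason for rejecting it. */
const char *obvious_password_reason(const char *login, const char *pw)
{
    size_t llen = strlen(login), plen = strlen(pw), i;

    if (plen < MIN_PASSWORD_LEN)
        return "too short";
    if (plen == llen && ci_equal_n(pw, login, llen))
        return "same as login name";
    if (plen == llen) {             /* login name written backwards */
        for (i = 0; i < llen; i++)
            if (tolower((unsigned char)pw[i]) !=
                tolower((unsigned char)login[llen - 1 - i]))
                break;
        if (i == llen)
            return "login name reversed";
    }
    /* login name with one or two characters added in front or behind */
    if (llen >= 3 && plen > llen && plen <= llen + 2 &&
        (ci_equal_n(pw, login, llen) ||
         ci_equal_n(pw + (plen - llen), login, llen)))
        return "login name with prefix or suffix";
    for (i = 1; i < plen && pw[i] == pw[0]; i++)
        ;
    if (i == plen)
        return "single repeated character";
    return NULL;
}

int main(void)
{
    /* Constructed sample input. */
    const char *r = obvious_password_reason("adriano", "adriano1");
    printf("adriano1: %s\n", r ? r : "accepted");
    return 0;
}
```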


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

