nis & weak passwords
Hello,
apparently yppasswd in the nis package wasn't compiled with
-DUSE_OBVIOUS
to check for weak passwords. I found out that more than 20% of the user
passwords in a Debian net I was managing were _very_ weak (eg login name). Not
a very comfortable figure (even if one's using shadow passwords).
I was inclined to install npasswd (or even a modified yppasswd) in
/usr/local/bin. However, the server, yppasswdd, doesn't require that its
clients talk to it from privileged ports (so yppasswd doesn't need to be suid
root and I can't enforce my password policy).
I think it would be nice if Debian addressed this (potential) security problem
in an out-of-the-box configuration... IMHO, it already beats all commercial
Unixes I know.
Thanks,
--
Adriano
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: