Re: Unix password config

To: Debian Mailing list <debian-user@lists.debian.org>
Subject: Re: Unix password config
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Wed, 26 Sep 2001 00:06:05 -0700
Message-id: <[🔎] 20010926000605.B343@navel.introspect>
Mail-followup-to: Debian Mailing list <debian-user@lists.debian.org>
In-reply-to: <[🔎] 1001459091.3bb10d93ea64d@heritage.sd57.bc.ca>; from megglestone@heritage.sd57.bc.ca on Tue, Sep 25, 2001 at 04:04:51PM -0700
References: <[🔎] 1001447526.3bb0e06683e6c@heritage.sd57.bc.ca> <[🔎] 20010925141942.J4500@navel.introspect> <[🔎] 1001459091.3bb10d93ea64d@heritage.sd57.bc.ca>

on Tue, Sep 25, 2001 at 04:04:51PM -0700, Mike Egglestone (megglestone@heritage.sd57.bc.ca) wrote:
> Quoting "Karsten M. Self" <kmself@ix.netcom.com>:
> 
> > on Tue, Sep 25, 2001 at 12:52:06PM -0700, Mike Egglestone
> > (megglestone@heritage.sd57.bc.ca) wrote:
> > > Hi all,
> > > 
> > > Is there a way to setup "passwd" so that when a user goes to
> > > change their password, it can be as short as they want and as
> > > simple as they want?
> > 
> > Yes.  However, it's very strongly discouraged.

<...>

> > On my own systems I use pwgen to generate strings, generally 10-12
> > characters in length, e.g.:

> I probably should have explained myself a little better.  :) The
> purpose of the password changing is for a Samba lab.  I didn't realize
> at first that I had to edit the smb.conf to allow smaller smb
> passwords.  and I believe that when a user changes their smbpasswd,
> the passwd command that gets invoked from smb.conf is run as root and
> therefore their unix password can be whatever.

Ugh.  Samba....

> I agree with you in *not* having whimpy small passwords on linux.
> However, I have one lab where there are students from grade 7 and
> younger.  Some of them can't even spell their name.(The real young
> ones) So, I end up using usernames and passwords with only 3
> characters.  However, in some of the high schools, I definetly must
> use good security to maintain the labs. Some of these kids now adays
> are pretty sneaky.
> 

Hmm...that's probably acceptable.  But consider you've got the option to
get some kids off to good security practices.

I'd look at a bunch of word chosen from a dictionary.  Things like
"rabbitsilly" or "carrothouse".  Not strictly searchable in a dictionary
attack.  Fairly memorable, in their own strange way, likely more so than
an arbitrary four-character string.  I don't know of a tool to generate
same, but suspect they're out there or could be ginned up easily.

> I like the idea of your pwgen. I shall look into this more.

    $ apt-cache show pwgen
    $ apt-get install pwgen

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA!  http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html

Attachment: pgp96MPamrSOO.pgp
Description: PGP signature

Reply to:

References:
- Unix password config
  - From: Mike Egglestone <megglestone@heritage.sd57.bc.ca>
- Re: Unix password config
  - From: "Karsten M. Self" <kmself@ix.netcom.com>
- Re: Unix password config
  - From: Mike Egglestone <megglestone@heritage.sd57.bc.ca>

Prev by Date: Re: OT: netfilter inquiry
Next by Date: Re: Word-wrapping text editor
Previous by thread: Re: Unix password config
Next by thread: Re: Unix password config
Index(es):
- Date
- Thread