[BlueOnyx:09437] Re: Password Enforcement

Ernie ernie at info.eis.net.au
Thu Jan 19 22:46:07 -05 2012 

To get around the "based on a dictionary word" problem, I used my own
simplified dictionary and put it in /usr/share/dict and remake the cracklib
dictionaries.

Something like:



cp  mydictionary /usr/share/dict/words

/usr/sbin/create-cracklib-dict /usr/share/dict/words

It will put the result in /usr/share/cracklib/

copy or symlink the pw_dict files from there back into the /usr/share/dict directory.



- Ernie.











> It's getting very annoying trying to create user passwords which don't get
> sent back for being "too short" or "based on a dictionary word" when they
> are no such thing. The result is very stupid passwords which are inherently
> insecure as the user will have to keep them written down. 
> 
>  
> 
> Is there any way to amend the policy, or to just turn it off?? 
> 
>  
> 
> For further reading on the subject of *good* passwords I offer
> http://xkcd.com/936/ 
> 
>  
> 
> --
> Chris Comley
> Wizards Limited -  Reg in England # 2799104 - PO Box 255  - HP16 9SD
> Networking, Storage, Internet,  Phones                  | 01494 837515
> and Wide Area Networking                                           | Talk to
> us about telephone systems.
> 
> Firewalls, Routers, Switches - Installation, training, consultancy. 
> 
>  
> 
>  
> 
> 
> ------=_NextPart_000_1666_01CCD5EF.4F94BEB0
> Content-Type: text/html;
> 	charset="US-ASCII"
> Content-Transfer-Encoding: quoted-printable
> 
> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
> xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
> xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
> xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
> xmlns=3D"http://www.w3.org/TR/REC-html40"><head><META =
> HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 14 =
> (filtered medium)"><style><!--
> /* Font Definitions */
> @font-face
> 	{font-family:"Cambria Math";
> 	panose-1:2 4 5 3 5 4 6 3 2 4;}
> @font-face
> 	{font-family:Calibri;
> 	panose-1:2 15 5 2 2 2 4 3 2 4;}
> @font-face
> 	{font-family:Tahoma;
> 	panose-1:2 11 6 4 3 5 4 4 2 4;}
> /* Style Definitions */
> p.MsoNormal, li.MsoNormal, div.MsoNormal
> 	{margin:0cm;
> 	margin-bottom:.0001pt;
> 	font-size:11.0pt;
> 	font-family:"Calibri","sans-serif";
> 	mso-fareast-language:EN-US;}
> a:link, span.MsoHyperlink
> 	{mso-style-priority:99;
> 	color:blue;
> 	text-decoration:underline;}
> a:visited, span.MsoHyperlinkFollowed
> 	{mso-style-priority:99;
> 	color:purple;
> 	text-decoration:underline;}
> span.EmailStyle17
> 	{mso-style-type:personal;
> 	font-family:"Calibri","sans-serif";
> 	color:windowtext;}
> span.EmailStyle18
> 	{mso-style-type:personal-reply;
> 	font-family:"Calibri","sans-serif";
> 	color:#1F497D;}
> .MsoChpDefault
> 	{mso-style-type:export-only;
> 	font-size:10.0pt;}
> @page WordSection1
> 	{size:612.0pt 792.0pt;
> 	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
> div.WordSection1
> 	{page:WordSection1;}
> --></style><!--[if gte mso 9]><xml>
> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
> </xml><![endif]--><!--[if gte mso 9]><xml>
> <o:shapelayout v:ext=3D"edit">
> <o:idmap v:ext=3D"edit" data=3D"1" />
> </o:shapelayout></xml><![endif]--></head><body lang=3DEN-GB link=3Dblue =
> vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span =
> style=3D'color:#1F497D'>This seems to be going from bad to worse anyway. =
> <o:p></o:p></span></p><p class=3DMsoNormal><span =
> style=3D'color:#1F497D'><o:p> </o:p></span></p><p =
> class=3DMsoNormal><span style=3D'color:#1F497D'>I’ve just =
> tried<o:p></o:p></span></p><p class=3DMsoNormal><span =
> style=3D'color:#1F497D'><o:p> </o:p></span></p><p =
> class=3DMsoNormal>log12&---12ad99++<o:p></o:p></p><p =
> class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>and =
> it’s STILL saying it’s “too short” – =
> that’s surely longer than some I’ve done before. Is it =
> trying to insist on a minium number of letters or digits as well as =
> over-all length? Half the problem is the rules don’t even appear =
> to be specified! <o:p></o:p></p><p =
> class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>I daresay I =
> can’t change the pwd at the command line either… <span =
> style=3D'color:#1F497D'><o:p></o:p></span></p><p class=3DMsoNormal><span =
> style=3D'color:#1F497D'><o:p> </o:p></span></p><div><div =
> style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm =
> 0cm 0cm'><p class=3DMsoNormal><b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-l=
> anguage:EN-GB'>From:</span></b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-l=
> anguage:EN-GB'> blueonyx-bounces at mail.blueonyx.it =
> [mailto:blueonyx-bounces at mail.blueonyx.it] <b>On Behalf Of </b>Chris =
> Comley<br><b>Sent:</b> 05 January 2012 10:13<br><b>To:</b> =
> blueonyx at blueonyx.it<br><b>Subject:</b> [BlueOnyx:09315] Password =
> Enforcement<o:p></o:p></span></p></div></div><p =
> class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>It’s =
> getting very annoying trying to create user passwords which don’t =
> get sent back for being “too short” or “based on a =
> dictionary word” when they are no such thing. The result is very =
> stupid passwords which are inherently insecure as the user will have to =
> keep them written down. <o:p></o:p></p><p =
> class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>Is there any =
> way to amend the policy, or to just turn it off?? <o:p></o:p></p><p =
> class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>For further =
> reading on the subject of *<b>good</b>* passwords I offer  <a =
> href=3D"http://xkcd.com/936/">http://xkcd.com/936/</a> <o:p></o:p></p><p =
> class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal><span =
> style=3D'color:#888888;mso-fareast-language:EN-GB'>--<br>Chris =
> Comley<br>Wizards Limited -  Reg in England # 2799104 - PO Box =
> 255  - HP16 9SD<br>Networking, Storage, Internet,  Phones =
>             &=
> nbsp;    | 01494 837515<br>and Wide Area Networking =
>             &=
> nbsp;           &n=
> bsp;           &nb=
> sp;     | Talk to us about telephone =
> systems.<o:p></o:p></span></p><p class=3DMsoNormal><span =
> style=3D'color:#888888;mso-fareast-language:EN-GB'>Firewalls, Routers, =
> Switches - Installation, training, consultancy. </span><span =
> style=3D'mso-fareast-language:EN-GB'><o:p></o:p></span></p><p =
> class=3DMsoNormal><span =
> style=3D'mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p =
> class=3DMsoNormal><o:p> </o:p></p></div></body></html>
> ------=_NextPart_000_1666_01CCD5EF.4F94BEB0--
> 
> 
> --===============1463100053==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 
> --===============1463100053==--
> 
> 


-- 
"I Ping therefore I am."

More information about the Blueonyx mailing list