[unix-ws] Enforcing secure passwords

Sebastian Hagedorn Hagedorn at uni-koeln.de
Fri Jul 7 11:08:36 CEST 2006


Hello Thomas,

--On 6 July 2006 17:49:43 +0200 Thomas Lange 
<lange at informatik.uni-koeln.de> wrote:

> how can I enforce the university's upcoming mandatory password rules on
> my Linux/Solaris machines? Is there a PAM module for login or passwd
> with which I can check certain restrictions?
>
> The minimum length is not a problem, I can already handle that on my NIS
> master server under Solaris with /etc/default/passwd: PASSLENGTH=8.
> But what about the other rules?

Google finds a page from Red Hat:

<http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-wstation-pass.html>

4.3.2.1. Forcing Strong Passwords
To protect the network from intrusion it is a good idea for system 
administrators to verify that the passwords used within an organization are 
strong ones. When users are asked to create or change passwords, they can 
use the command line application passwd, which is Pluggable Authentication 
Manager (PAM) aware and therefore checks to see if the password is easy to 
crack or too short in length via the pam_cracklib.so PAM module. Since PAM 
is customizable, it is possible to add further password integrity checkers, 
such as pam_passwdqc (available from http://www.openwall.com/passwdqc/) or 
to write a new module. For a list of available PAM modules, refer to 
http://www.kernel.org/pub/linux/libs/pam/modules.html. For more information 
about PAM, refer to the chapter titled Pluggable Authentication Modules 
(PAM) in the Red Hat Enterprise Linux Reference Guide.

It should be noted, however, that the check performed on passwords at the 
time of their creation does not discover bad passwords as effectively as 
running a password cracking program against the passwords within the 
organization.

There are many password cracking programs that run under Red Hat Enterprise 
Linux although none ship with the operating system. Below is a brief list 
of some of the more popular password cracking programs:

Note: None of these tools are supplied with Red Hat Enterprise Linux and 
are therefore not supported by Red Hat, Inc. in any way.

John The Ripper — A fast and flexible password cracking program. It 
allows the use of multiple word lists and is capable of brute-force 
password cracking. It is available online at http://www.openwall.com/john/.

Crack — Perhaps the most well known password cracking software, Crack is 
also very fast, though not as easy to use as John The Ripper. It can be 
found online at http://www.crypticide.com/users/alecm/.

Slurpie — Slurpie is similar to John The Ripper and Crack, but it is 
designed to run on multiple computers simultaneously, creating a 
distributed password cracking attack. It can be found along with a number 
of other distributed attack security evaluation tools online at 
http://www.ussrback.com/distributed.htm.

Warning: Always get authorization in writing before attempting to crack 
passwords within an organization.

Gruß, Sebastian
-- 
     .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - Tel. +49-221-478-5587.:.
                   .:.:.:.Skype: shagedorn.:.:.:.
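As an added illustration (not part of Sebastian's mail or of the quoted Red Hat page), this is how the pam_cracklib module named above is typically wired into the "password" stack of /etc/pam.d/system-auth on a Red Hat style system. The concrete thresholds are assumed values standing in for the university's rules, which the thread does not list.

```pam
# /etc/pam.d/system-auth, "password" stack, Red Hat style (added example).
# The weak stock line is kept as a comment so the difference is visible.

# Weak: the default setting, a dictionary check plus the minimum length only.
#password    requisite     pam_cracklib.so retry=3

# Stronger: all thresholds are assumed values, substitute the university's rules.
#   minlen=8    minimum length score; because the four credits below are
#               negative, no bonus is granted and this means 8 real characters
#   dcredit=-1  at least one digit
#   ucredit=-1  at least one upper-case letter
#   lcredit=-1  at least one lower-case letter
#   ocredit=-1  at least one other (non-alphanumeric) character
#   difok=3     at least 3 characters must differ from the old password
#   retry=3     how often passwd re-prompts before giving up
password    requisite     pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 difok=3

# pam_unix must take over the password that pam_cracklib already checked
# (use_authtok); without it pam_unix prompts again and the check is bypassed.
password    sufficient    pam_unix.so md5 shadow nullok use_authtok
password    required      pam_deny.so
```

Two caveats for a practitioner: pam_cracklib of this era only warns when root sets a password (for example for another user) and does not refuse it, and the stack above only governs passwd run on that host, so NIS accounts changed on the Solaris master are still covered by the /etc/default/passwd settings Thomas already uses.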