[unix-ws] Enforcing a secure password
Sebastian Hagedorn
Hagedorn at uni-koeln.de
Fri Jul 7 11:08:36 CEST 2006
Hello Thomas,
--On 6 July 2006 17:49:43 +0200 Thomas Lange
<lange at informatik.uni-koeln.de> wrote:
> how can I enforce the university's upcoming mandatory password rules on my
> machines under Linux/Solaris? Is there a PAM module for login or passwd
> with which I can check certain restrictions?
>
> The minimum length is no problem; I can already manage that on my NIS
> master server under Solaris with /etc/default/passwd: PASSLENGTH=8.
> But the other rules?
Google finds a page from Red Hat:
<http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-wstation-pass.html>
4.3.2.1. Forcing Strong Passwords
To protect the network from intrusion it is a good idea for system
administrators to verify that the passwords used within an organization are
strong ones. When users are asked to create or change passwords, they can
use the command line application passwd, which is Pluggable Authentication
Manager (PAM) aware and therefore checks to see if the password is easy to
crack or too short in length via the pam_cracklib.so PAM module. Since PAM
is customizable, it is possible to add further password integrity checkers,
such as pam_passwdqc (available from http://www.openwall.com/passwdqc/) or
to write a new module. For a list of available PAM modules, refer to
http://www.kernel.org/pub/linux/libs/pam/modules.html. For more information
about PAM, refer to the chapter titled Pluggable Authentication Modules
(PAM) in the Red Hat Enterprise Linux Reference Guide.
It should be noted, however, that the check performed on passwords at the
time of their creation does not discover bad passwords as effectively as
running a password cracking program against the passwords within the
organization.
There are many password cracking programs that run under Red Hat Enterprise
Linux although none ship with the operating system. Below is a brief list
of some of the more popular password cracking programs:
Note
None of these tools are supplied with Red Hat Enterprise Linux and are
therefore not supported by Red Hat, Inc. in any way.
John The Ripper — A fast and flexible password cracking program. It
allows the use of multiple word lists and is capable of brute-force
password cracking. It is available online at http://www.openwall.com/john/.
Crack — Perhaps the most well known password cracking software, Crack is
also very fast, though not as easy to use as John The Ripper. It can be
found online at http://www.crypticide.com/users/alecm/.
Slurpie — Slurpie is similar to John The Ripper and Crack, but it is
designed to run on multiple computers simultaneously, creating a
distributed password cracking attack. It can be found along with a number
of other distributed attack security evaluation tools online at
http://www.ussrback.com/distributed.htm.
Warning
Always get authorization in writing before attempting to crack passwords
within an organization.
Regards, Sebastian
--
.:.Sebastian Hagedorn - RZKR-R1 (Building 52), Room 18.:.
Center for Applied Computer Science - University-wide Service RRZK
.:.Universität zu Köln / Cologne University - Tel. +49-221-478-5587.:.
.:.:.:.Skype: shagedorn.:.:.:.
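The part of the Red Hat text that matters for Thomas's "other rules" is the pam_cracklib.so line: its minlen, dcredit, ucredit, lcredit and ocredit options are where character-class rules are expressed, and the way credits are added to the length is the usual source of surprise (with the default credits of 1 per class, a six-character password with all four classes satisfies minlen=8). The following script is an added illustration for this thread, not code from Linux-PAM, Red Hat or the university; it re-implements the credit arithmetic and class checks of pam_cracklib's length test in Python and parses the option string exactly as it is written on a pam.d "password" line. The five-word list is constructed for the example and stands in for cracklib's dictionary (a real dictionary check also tries many more mangled forms), the two option strings PERMISSIVE and HARDENED are assumed configurations, and the reason strings are this example's own wording rather than the module's messages.

```python
"""pam_cracklib-style length/credit scoring, modelled in Python.

Added illustration, not code from Linux-PAM or Red Hat: it re-implements
the credit arithmetic of pam_cracklib.so's length check so the effect of a
pam.d option string can be predicted offline.  The word list is constructed
for this example and stands in for cracklib's real dictionary; the reason
strings are this example's own wording, not the module's messages.
"""
import re

# Linux-PAM defaults for the options this model understands.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1,
            "ocredit": 1, "minclass": 0}
CLASS_NAMES = [("dcredit", "digit"), ("ucredit", "upper-case"),
               ("lcredit", "lower-case"), ("ocredit", "other")]

# Constructed stand-in for cracklib's dictionary (example only).
CONSTRUCTED_WORDLIST = {"password", "cologne", "koeln", "sommer", "qwerty"}


def parse_options(option_string):
    """Parse the options as written after pam_cracklib.so on a 'password' line."""
    opts = dict(DEFAULTS)
    for token in option_string.split():
        if "=" not in token:          # bare flags such as use_authtok
            continue
        key, value = token.split("=", 1)
        if key in opts:
            opts[key] = int(value)
    return opts


def count_classes(password):
    """Characters per class, keyed by the credit option that governs the class."""
    digits = sum(c.isdigit() for c in password)
    uppers = sum(c.isupper() for c in password)
    lowers = sum(c.islower() for c in password)
    return {"dcredit": digits, "ucredit": uppers, "lcredit": lowers,
            "ocredit": len(password) - digits - uppers - lowers}


def check_length(password, opts):
    """Return None if the password satisfies minlen after credits, else a reason.

    A credit N >= 0 lets up to N characters of that class count twice towards
    minlen; a credit -N makes the class mandatory with at least N characters
    and adds nothing to the length.
    """
    counts = count_classes(password)
    credits = 0
    for key, name in CLASS_NAMES:
        credit = opts[key]
        if credit >= 0:
            credits += min(counts[key], credit)
        elif counts[key] < -credit:
            return "needs at least %d %s character(s)" % (-credit, name)
    present = sum(1 for key, _ in CLASS_NAMES if counts[key])
    if present < opts["minclass"]:
        return "needs %d character classes, has %d" % (opts["minclass"], present)
    if len(password) + credits < opts["minlen"]:
        return "too short: %d characters plus %d credit(s) is under minlen=%d" % (
            len(password), credits, opts["minlen"])
    return None


def in_dictionary(password, wordlist=CONSTRUCTED_WORDLIST):
    """Crude stand-in for cracklib's dictionary check: the lower-cased password,
    its reversal and the word left after stripping trailing digits."""
    word = password.lower()
    return any(c in wordlist for c in (word, word[::-1], re.sub(r"\d+$", "", word)))


def check_password(password, option_string, wordlist=CONSTRUCTED_WORDLIST):
    """'OK', or the first reason a pam_cracklib-style check rejects the password."""
    if in_dictionary(password, wordlist):
        return "based on a dictionary word"
    reason = check_length(password, parse_options(option_string))
    return reason or "OK"


# Two assumed stanzas as they would appear in /etc/pam.d/system-auth (options only).
PERMISSIVE = "retry=3 minlen=8"     # credits default to 1 each
HARDENED = "retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1"

if __name__ == "__main__":
    for options in (PERMISSIVE, HARDENED):
        print("password requisite pam_cracklib.so " + options)
        for pw in ("Ab12!x", "Password1", "K0eln!2006"):
            print("  %-12s %s" % (pw, check_password(pw, options)))
```

Two caveats worth keeping in mind when deploying this for real. First, pam_cracklib runs on the host where passwd is typed, so in a NIS setup every client that can change passwords needs the same stanza, or the policy is enforced only on the hosts that happen to carry it. Second, pam_cracklib is a Linux-PAM module; on Solaris 10 the equivalent knobs live next to the PASSLENGTH already in use (MINDIGIT, MINSPECIAL, MINUPPER, MINLOWER, MINALPHA, MAXREPEATS, DICTIONLIST in /etc/default/passwd, enforced by pam_authtok_check), and the minclass option modelled above only exists in later Linux-PAM releases than the RHEL 4 one the quoted text describes.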