RE: how to prevent re-use of passwords - SCO


Thread: RE: how to prevent re-use of passwords

  1. RE: how to prevent re-use of passwords


    I have a client that has been subject to a security audit by their
    major client account and I have to respond to several "action items."

    The client is running SCO 5.0.7 Enterprise with Maintenance Pack 3.

    I have enabled password aging with a 90-day lifetime and that appears
    to be working (Users logged off by new installation of nidleout were
    asked to change their passwords after I set MAXWEEKS=14 in
    /etc/default/password).

    I have edited /etc/default/password and set the minimum
    password length to 8 characters per the client "action item."

    But I find no built-in way to meet the requirement: "...restrict
    end-user from using one of their previous 4 passwords in the
    last 12 months."

    The GOODPW processing seems to hold out hope of calling additional
    programs to perform the password checking if I can find software
    or scripts to implement the four previous password prohibition.

    Has anyone had to implement this or know of software to accomplish
    this requirement?
    --

    Steve Fabac
    S.M. Fabac & Associates
    816/765-1670

  2. Re: how to prevent re-use of passwords

    On Tue, 04 Apr 2006 04:23:19 GMT, "Steve M. Fabac, Jr."
    wrote:

    >
    >I have a client that has been subject to a security audit by their
    >major client account and I have to respond to several "action items."
    >
    >The client is running SCO 5.0.7 Enterprise with Maintenance Pack 3.
    >
    >I have enabled password aging with a 90-day lifetime and that appears
    >to be working (Users logged off by new installation of nidleout were
    >asked to change their passwords after I set MAXWEEKS=14 in
    >/etc/default/password).
    >
    >I have edited /etc/default/password and set the minimum
    >password length to 8 characters per the client "action item."
    >
    >But I find no built-in way to meet the requirement: "...restrict
    >end-user from using one of their previous 4 passwords in the
    >last 12 months."
    >
    >The GOODPW processing seems to hold out hope of calling additional
    >programs to perform the password checking if I can find software
    >or scripts to implement the four previous password prohibition.
    >
    >Has anyone had to implement this or know of software to accomplish
    >this requirement?
    >--
    >
    > Steve Fabac
    > S.M. Fabac & Associates
    > 816/765-1670


    I prefer using a script to control password parameters. Read the man
    page on usermod, especially the section on the x switch. You can use
    the userls -a -l <userid> command to review the password (and other
    security-related) settings applied to a particular user.

    I'm working from memory but I think the

    usermod -D -x "{passwdCheckedForObviousness 1}"

    command would set a default that prevents reuse of passwords but I'm
    unsure about how deep it goes. I know of no specific command or
    setting to meet your stated requirement but that certainly doesn't
    mean there isn't one somewhere.

    DDinAZ
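
The history check that the quoted audit requirement calls for, as an added example (not code from either poster and not an SCO facility). It assumes Python is available on the host, a hypothetical owner-only history file, PBKDF2 as the hash, and one reading of the requirement: a new password is refused if it matches any of the four most recent passwords set within the past 12 months. How such a check would be invoked from GOODPW processing is not covered here.

```python
import hashlib, hmac, json, os, time

HISTORY_DEPTH = 4                   # newest 4 passwords, current one included
WINDOW_SECONDS = 365 * 24 * 3600    # "last 12 months"
ROUNDS = 100_000                    # assumed PBKDF2 work factor

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def is_reused(entries, password, now):
    """True if password matches one of the newest HISTORY_DEPTH entries
    that was set within WINDOW_SECONDS before now."""
    newest = sorted(entries, key=lambda e: e["set_at"], reverse=True)
    hit = False
    for e in newest[:HISTORY_DEPTH]:
        if now - e["set_at"] > WINDOW_SECONDS:
            continue                # outside the 12-month window
        guess = _digest(password, bytes.fromhex(e["salt"]))
        # constant-time compare; no early exit on a match
        hit |= hmac.compare_digest(guess, bytes.fromhex(e["hash"]))
    return hit

def record(entries, password, now):
    """Store a salted hash of the accepted password, keep the newest few."""
    salt = os.urandom(16)
    entries.append({"salt": salt.hex(), "set_at": now,
                    "hash": _digest(password, salt).hex()})
    entries.sort(key=lambda e: e["set_at"])
    del entries[:-HISTORY_DEPTH]

def change_password(path, user, password, now=None):
    """Return False if the password is refused as a reuse; otherwise
    record it in the history file (hypothetical path) and return True."""
    now = time.time() if now is None else now
    try:
        with open(path) as fh:
            store = json.load(fh)
    except FileNotFoundError:
        store = {}
    entries = store.setdefault(user, [])
    if is_reused(entries, password, now):
        return False
    record(entries, password, now)
    # The file holds password hashes: owner-only, replaced atomically.
    fd = os.open(path + ".tmp", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(store, fh)
    os.replace(path + ".tmp", path)
    return True
```

If the auditor counts the current password separately from the "previous 4", raise HISTORY_DEPTH to 5.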
