Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Restricted computer generated password

Status
Not open for further replies.
josel

josel

Programmer
Oct 16, 2001
716
US
Howdy!

I have successfully configured my server to enforce stric password rules. Passwords have to be 8 char in length, cannot be same or identical to last, must have all lower/upper letters and numbers ... and it expires in 90 days.

Now, I am facing the problem that some of "end-users" are choosing to have computer generate passwords for them. This option generates passwords that are not compliant to restriction put in place if the users were to enter the password themselves. In other words, all lower case letter w/out numbers are commonly generated.

How can I:

1) Make sure computer generated passwords follow rules?
2) Eliminate option to optain a computer generated password?

Thanks;


Jose Lerebours




KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours
 
Sort by date Sort by votes
You say users are 'choosing' to do this. Does this circumvent your password rules and allow these users to login? If so, it's a management issue - the rules you have in place are there for a reason, and anyone contravening them should be warned that they are doing so at the risk of disciplinary action. Otherwise why have rules in the first place?
 
Upvote 0 Downvote
Hi Ken, I think José's point is that the users would be confused if they are expected to comply with certain password rules, but then prompted by the passwd programme with an option to generate a pronouncable password that doesn't comply with those rules.

Annihilannic.
 
Upvote 0 Downvote
I see what you mean, Annihilannic - perhaps I was thinking too literally about 'choice' in this instance.
 
Upvote 0 Downvote
The problem is that `passwd` gives users the option to

1. Pick a pasworkd
2. Pronounceable password will be generated for you

Users pick number 2. This in turn, produces a password like "marceldoly" which is not compliant with the set rules.

Of course, as you imagine, users end-up forgetting their password or implying that it does not work. They then volunteer their new password and revealing that they have chosen option 2 above.

They get very "defensive" when I explain that they should adhere to the rules set forth claiming that the system itself does not follow such rules ... <smoke coming out of my ears> ...

So, given the problem, I want to know if there is a way to have `passwd` generate passwords that a compliant to set rules and/or can I set it so that it does not prompt for options and goes directly to prompt as if option 1 was chosen.

Regards;


Jose Lerebours


KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours
 
Upvote 0 Downvote
Similar to my previous post, see usermod man page, extended option "passwdRunGenerator".

Annihilannic.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Bluejay07
  • Locked
  • Question
SCO password change text location
Replies
0
Views
506
Bluejay07
Bluejay07
AmjathS
  • Locked
  • Question
AIX AD integration for Password authentication
Replies
1
Views
153
victorv
victorv
billo102
  • Locked
  • Question
ssh login with blank password
Replies
3
Views
130
billo102
billo102
peterscoman
  • Locked
  • Helpful tip
Copying files greater then 2GB on SAMBA shares using a Windows O.S. computer or another SCO Unix box
Replies
0
Views
75
peterscoman
peterscoman
penguinroundup
  • Locked
  • Question
password synchronization (SSOD) problems
Replies
0
Views
91
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top