LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-17-2009, 02:46 AM   #1
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Rep: Reputation: 14
Exclamation Forcing Users for strong passwords


Dear All

I am using smbldap tools with my LDAP server in my company. Now the situation is I want to force the users not to give simple passwords (e.g. name,etc) & also I want to be able to check the strong level of the passwords of my server users, so please suggest me any tool through which I can perform these above mentioned functions.


Thanks in Advance
Sushant Chawla
Linux Administrator
 
Old 08-17-2009, 03:35 AM   #2
mrbubblesort
LQ Newbie
 
Registered: Oct 2008
Location: Tokyo
Distribution: Debian / Ubuntu
Posts: 14

Rep: Reputation: 1
I think you can use a PAM module to enforce this. I just did a quick google search for "PAM strong passwords" and came up with:

pam_cracklib
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

pam_passwdqc
http://articles.techrepublic.com.com...1-6111316.html
 
Old 08-20-2009, 11:13 AM   #3
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Original Poster
Rep: Reputation: 14
Firstly thanks for the help

Although the modules are working fine with checking the strong passwords but at the same time I also want to check for the current passwords which are already set for my hundreds of users. I can not change the passwords of each & every user.

I want to notify only those users whose passwords are simple.

Thanks
Sushant Chawla
Linux Administrator
 
Old 08-20-2009, 11:52 AM   #4
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Rep: Reputation: 107Reputation: 107
Lightbulb

Quote:
Originally Posted by sushantchawla2005 View Post
Firstly thanks for the help

Although the modules are working fine with checking the strong passwords but at the same time I also want to check for the current passwords which are already set for my hundreds of users. I can not change the passwords of each & every user.

I want to notify only those users whose passwords are simple.

Thanks
Sushant Chawla
Linux Administrator

Hi Sushant,

What I can suggest you is to run this command in loop for all of your users.
Code:
chage -d 0 username
This will forcefully ask all your users to change their password whenever they log in next.

Hope this helps.

Last edited by vikas027; 08-20-2009 at 11:53 AM.
 
Old 08-21-2009, 12:50 AM   #5
sushantchawla2005
Member
 
Registered: Jun 2009
Location: India
Distribution: All flavours of linux
Posts: 93

Original Poster
Rep: Reputation: 14
Hi Vikas

How are you?

Dude I am using LDAP for users & as i said I can not force my each & every user for changing his/her password, I only want to notify those users who have weak passwords.

Do you know any graphical tool or browser application which can help me sorting this issue & can check the strongness of my users passwords. (e.g. when we are filling any form, it shows the strongness of your password)

It is very urgent as many users are having very simple passwords & you know that its a nightmare for an Admin to have such kind of security issues in the network.


Thanks
Sushant Chawla
Linux Administrator

Last edited by sushantchawla2005; 08-21-2009 at 12:54 AM.
 
Old 08-21-2009, 10:12 AM   #6
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Rep: Reputation: 107Reputation: 107
Quote:
Originally Posted by sushantchawla2005 View Post
Hi Vikas

How are you?

Dude I am using LDAP for users & as i said I can not force my each & every user for changing his/her password, I only want to notify those users who have weak passwords.

Do you know any graphical tool or browser application which can help me sorting this issue & can check the strongness of my users passwords. (e.g. when we are filling any form, it shows the strongness of your password)

It is very urgent as many users are having very simple passwords & you know that its a nightmare for an Admin to have such kind of security issues in the network.


Thanks
Sushant Chawla
Linux Administrator
Ok, for this I believe you need two things

1) MD5 password decoder (to know current passwords of users) (THIS IS DIFFICULT)
2) Then a password strength check script for Unix.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Strong Passwords, SquirrelMail, and Vacation linuxlastslonge Linux - Software 8 07-10-2007 01:45 AM
strong passwords csaunders Red Hat 5 02-24-2007 10:33 AM
Forcing users to use proxy avallach Linux - Networking 2 01-14-2007 06:10 AM
Forcing users to use DG on server. Steve2001 Linux - Networking 1 08-27-2005 09:33 AM
How to turn OFF strong passwords? kkempter Red Hat 1 02-22-2005 08:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration