Hams Report 85-mile 802.11b File Transfers @ Oregon - pwd

• Previous message: Hams Report 85-mile 802.11b File Transfers @ Oregon - pwd
• Next message: Hams Report 85-mile 802.11b File Transfers @ Oregon - pwd
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 14 Apr 2004 17:09:58 -0700 
Alvin Oga <alvin at ns.Linux-Consulting.com> wrote:

> problem is some folks dont know what a good passwd is or what is
> stupid passwd and pass phrases

The standard approach to this is to no let users set their own
passwords, but to instead assign strong ones for them.  I've usually
seen this done with a small SSL wrapped web app that accepts the current
auth data and spits back the new.

Of course none of this prevents users from writing their passwords on
post-it notes, or as in the case of the office across the hall from me,
a long list of root passwords for hosts and switches written in sharpie
marker on the side of the desk.

> its always safe to assume that cracker has root access to any and all
> of the machines and protect what you can .. :-0

I'm largely of the mind that administrative passwords are and were a bad
idea from the get-go.  IP-limited public keys with passphrases seem the
better approach -- even better if you have a way to distinguish between
a pass phrased key and a non-passphrased key without having the private
key.

-- 
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw at kanga.nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.

• Previous message: Hams Report 85-mile 802.11b File Transfers @ Oregon - pwd
• Next message: Hams Report 85-mile 802.11b File Transfers @ Oregon - pwd
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]