January 9th, 2004, 04:06 PM
Is there a viable password authentication tool for Unix?
We have multiple Unix systems at our site, the most prevalent being HP-UX. One of the areas for improvement is around passwords. Yes, I know, big surprise. What we are finding out is that for now we have to reactively attack this area, meaning going through occasionally and cracking passwords, notifying the users of those weak passwords, per server, and then waiting for them to change their password and retesting.
We realize that this is a temporary and even a shaky strategy, so we want to take a proactive approach, much like they can in the Windows world with strong passwords turned on. We already have password aging turned on; however, we cannot at this time check the strength of the passwords when entered.
So does anyone know of an application or tool that works for Unix that checks people's passwords when they change them?
We will soon be also pursuing LDAP-UX once AD is rolled out on the Windows side.
January 9th, 2004, 04:26 PM
There is a current project which is using PAM as a pluggable method for HP-UX, directly having the password change be tested by the PAM security module, and not accepting the password if it is weak based on configurations. I don't know much more about it, but that should get you in the right direction.
January 9th, 2004, 07:02 PM
Ahh very good - I was wondering about PAM as a solution. I will get my HP rep involved on this.