topic PAM Authentication in Operating System - HP-UX

PAM Authentication

Mike Marsh — Thu, 17 Jul 2003 14:30:54 GMT

Hello,

The organization I work for has recently changed the password strength checking requirements. I am looking for a tool or a PAM module that can test for these requirements.
1. Password expires in 90 days.
2. Minimum Length of 8 characters.
3. Must have 3 of the 4, Upper case, Lower Case, Special Character, and Number in teh password.
4. Failed Retries before lockout 5.
5. Password not in history 13.
6. Password Content Strength Tool(Not common words or Names in the password)

Any suggestions, third party tools or if something already exist from HP would be great.
Thanks for any help....

Re: PAM Authentication

Ken Hubnik_2 — Thu, 17 Jul 2003 14:33:12 GMT

Convert to a trusted sytem and all this will be available for you. Do a man on tsconvert

Re: PAM Authentication

Elena Leontieva — Thu, 17 Jul 2003 15:05:41 GMT

You may also want to check out this product:

http://www.utexas.edu/cc/unix/software/npasswd/

Elena.

Re: PAM Authentication

Adrian Pillai_1 — Thu, 24 Jul 2003 05:09:27 GMT

as said above, tsconvert will work.
Access Control by Computer Associations does that, and a lot more-- You can tell by the liscense costs... :)

Re: PAM Authentication

Steven E. Protter — Thu, 24 Jul 2003 05:30:13 GMT

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

Its a security hardening tool.

Answer a question yes or no and it converts your system to trusted.

One problem though is that Trusted systems can't currently enforce caps requirements.

Currently Trusted systems don't enforce dictionary rules.

But there is a feature in there that lets the system assign the password. It will annoy the heck out of your users but will meet your requirements.

You can go trusted another way.

Sam
Auditing & Security

Audited Events

You will be prompted for conversion.

Check out System Security Policies there for what you can do.

SEP