Hello,
Currently we use ppm https://github.com/ltb-project/ppm which works quite well as a quality checker.
Wanted to see what others use. Was looking around and found some interesting ones:
pam_pwquality (I believe these are only for users in passwd file)
ppchecker http://www.meddeb.net/pqchecker/?Idx=0
Any input is appreciated.
Thanks! Dave
On 8/16/19 3:56 PM, Dave Macias wrote:
> pam_pwquality (I believe these are only for users in passwd file)
Not only for users in /etc/passwd but part of the PAM stack. So only password changes via the local passwd tool or similar are checked.
> ppchecker http://www.meddeb.net/pqchecker/?Idx=0
The problem with all the implementations I know of is that parameters are stored in a single config file. Thus you cannot apply different policies to different users. I'd love to see this be part of the slapo-ppolicy machinery, with password change policy parameters also derived from the pwdPolicy entry, just like the minimum password length.
Furthermore the question is whether the C code of those shared libs was carefully reviewed and does not expose a security risk.
Ciao, Michael.
openldap-technical@openldap.org