Re: Opie and protecting passphrases

From: Andrey A. Chernov (ache@nagual.pp.ru)
Date: 08/06/01


Date: Mon, 6 Aug 2001 18:30:59 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Bill Fenner <fenner@research.att.com>

More thoughts from another thread:

Restricting opiepasswd _weakens_ security, because force user to ask admin
to change password each time (f.e. when OPIE countdown goes to 0 or in
case secret phrase becomes accidentally known). Any type of admin asking
(by phone, by email) produce reaction time lag, in that period intruder
can use secret phrase or user don't have its access. Email asking
additionly transmit passwords over insecure channel.

-- 
Andrey A. Chernov
http://ache.pp.ru/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages

  • dont have permission to change password.
    ... Check the account settings to see if the "User cannot ... change password" option is checked? ... Admin does have this option. ... >On a Windows XP pc on a win2k network i have just ...
    (microsoft.public.windowsxp.security_admin)
  • user accounts / passwords
    ... admin capavilities which puts everything to square one ... download and install, or boot up, go into admin settings ... and change password from the manufacturer pre installed.... ... cant change the admin settings... ...
    (microsoft.public.windowsxp.accessibility)
  • Re: cant change password on windows 2000 domain
    ... If I have their account set to ... "User must change password at next logon" it works just fine. ... For the Admin I have it set to not inherit domain policy. ...
    (microsoft.public.win2000.security)
  • recover administrator password
    ... password disk was made and no other users have admin ... privelages for me to change password within user accounts ...
    (microsoft.public.windowsxp.accessibility)
  • Re: How to force password change at next login
    ... passwd -f userid ... > Is there a way to force user to change password at next login? ...
    (comp.unix.solaris)