Paul Gupta wrote: > By what mechanism does debian decide whether or not a password is too > weak etc. > ... > What is it exactly? AND How would one configure it to be stricter or > more lenient with password selection?
I use libpam-cracklib to protect from dictionary attacks. Also installed some dictionaries, see apt-cache search dictionary | grep "/usr/share/dict" /etc/pam.d/common-password: password required pam_cracklib.so retry=3 minlen=10 difok=3 3 retries, minimum length of password 10 characters, 3 characters is allowed to match with the previous password. Hope that gets you started. Maybe check this out, too. http://www.linuxsecurity.com/resource_files/host_security/securing-debian-howto/ap-checklist.en.html -- Juha Tuuna -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
