[nycbug-talk] Change password at next login?

Brian A. Seklecki lavalamp at spiritual-machines.org
Fri Apr 25 15:48:05 EDT 2008

On Fri, 25 Apr 2008, Tim A. wrote:

> Internal FreeBSD server, no outside access.

pw(8) and login.conf(8).  You can expire passwords and accounts after 

> Is there anything else that does this?
> Also, is there someway to require a certain level of password complexity?

For LDAP (nss_ldap+pam_ldap), you could enforce strong passwords using a 
custom filter, but I have found that 2-factor authentication is much more 
successful than strong passwords (which just encourage people to write 
them down)

For this, you can use something like Entrust IdentityGuard, in combination 
with pam_radius (with fallback to pam_ldap), for two-factor authentication 
(grid cards, FOBs), OTP password lists, etc...


> Of course, I'd prefer to setup some sort of ssh-key escrow management

More information about the talk mailing list