Re: minimum number of days between password change
- From: "Jesús M. Navarro" <jesus.navarro@xxxxxxxxxxxxx>
- Date: Wed, 3 Nov 2010 03:40:45 +0100
Hi, lee:
On Tuesday 02 November 2010 21:26:54 lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
Hi, Ron:
On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
If someone learns my password on day 2, they have full access to my
account for 74 days, or I must beg for SysAdmin help?
"Minimum number of days" isn't a very bright idea.
It is, for a low minimum number.
The rationale is to avoid the user reusing passwords: Ok, so my password
is 12345678 and I must change it now? Let's do it: 87654321; but
immediately I change back again.
The way to do it is to have a record in your password db of the
hashes of each user's last N passwords.
BTW, how do you do that?
AFAIK you can't, at least with files backend (but that's a different issue).
Cheers.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/201011030340.45466.jesus.navarro@xxxxxxxxxxxxx
- Follow-Ups:
- Re: minimum number of days between password change
- From: Mark Allums
- Re: minimum number of days between password change
- References:
- minimum number of days between password change
- From: Lukas Baxa
- Re: minimum number of days between password change
- From: Ron Johnson
- Re: minimum number of days between password change
- From: lee
- minimum number of days between password change
- Prev by Date: Re: Game online
- Next by Date: Re: help with rtorrent
- Previous by thread: Re: minimum number of days between password change
- Next by thread: Re: minimum number of days between password change
- Index(es):
Relevant Pages
|
