RE: Password strength checking/cracking

["Matthew Hardin" <mhardin@symas.com>]

> I would like to either enable some sort of password strength check and/or
> install a password cracker for my OpenLDAP installation.
> Current version is Openldap 2.2.17 (compiled from source)
> Passwords are in the default format ( I believe it's the default)  ( SSHA)
> ldbm backend
> RedHat Enterprise Linux 3.0 server.
> 
> What are my options for
> 1. configuring OpenLDAP to enforce some sort of password strength check.
> 2. installing/configuring a password cracker.

Both of these features are supported by the password policy overlay (see
slapo-ppolicy.5). The password policy overlay is currently available in
OpenLDAP HEAD. The overlay does work with OL 2.2; you need to import it from
HEAD and build it.

> Basically I'd like to configure LDAP to enforce strong passwords and/or
> know if a user has a weak password.

That would do it. You will need to write the interface to cracklib yourself,
but the policy overlay provides the hooks to make it reasonably easy.

> Thanks for any suggestions.

I hope this helps.

Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
 
> Joe Morin
> 
> 
> CONFIDENTIALITY NOTICE: This e-mail, including attachments, is for the
> sole use of the individual to whom it is addressed. This message is
> confidential and may contain information that is privileged, confidential
> and is exempt from disclosure under applicable law. Any unauthorized
> review, use, disclosure or distribution is prohibited. If you have
> received this e-mail in error, please notify the sender by reply e-mail
> and destroy this message and its attachments.
>