[Date Prev][Date Next]
RE: Password strength checking/cracking
> I would like to either enable some sort of password strength check and/or
> install a password cracker for my OpenLDAP installation.
> Current version is Openldap 2.2.17 (compiled from source)
> Passwords are in the default format ( I believe it's the default) ( SSHA)
> ldbm backend
> RedHat Enterprise Linux 3.0 server.
> What are my options for
> 1. configuring OpenLDAP to enforce some sort of password strength check.
> 2. installing/configuring a password cracker.
Both of these features are supported by the password policy overlay (see
slapo-ppolicy.5). The password policy overlay is currently available in
OpenLDAP HEAD. The overlay does work with OL 2.2; you need to import it from
HEAD and build it.
> Basically I'd like to configure LDAP to enforce strong passwords and/or
> know if a user has a weak password.
That would do it. You will need to write the interface to cracklib yourself,
but the policy overlay provides the hooks to make it reasonably easy.
> Thanks for any suggestions.
I hope this helps.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> Joe Morin
> CONFIDENTIALITY NOTICE: This e-mail, including attachments, is for the
> sole use of the individual to whom it is addressed. This message is
> confidential and may contain information that is privileged, confidential
> and is exempt from disclosure under applicable law. Any unauthorized
> review, use, disclosure or distribution is prohibited. If you have
> received this e-mail in error, please notify the sender by reply e-mail
> and destroy this message and its attachments.