[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: identifying weak passwords

Another option is export you ldap user password on the form
userid:userPassword for a file and use John the Ripper to try crack
Weaks passwords are shown on few minutes.
If your password is on SSHA format, you'll need apply a patch on the JtR.

On 12/4/06, Thierry Lacoste <lacoste@univ-paris12.fr> wrote:
I'm running OpenLDAP 2.3.24 on a production server.
As I was in a hurry and discovering LDAP when I installed it,
I didn't enforce any password policy.

Now I would like to identify weak passwords to warn their
users. What are my options?

Best regards,

Cleber P. de Souza