Книга: Fedora™ Unleashed, 2008 edition

Managing Password Security for Users

Managing Password Security for Users

Selecting appropriate user passwords is always an exercise in trade-offs. A password such as password (don't laugh, it has been used too often before in the real world) is just too easy to guess by an intruder, as are simple words or number combinations (a street address, for example). A security auditor for one of my former employers used to take the cover sheet from an employee's personnel file (which contained the usual personal information of name, address, birth date, and so on) and then attempt to log on to a terminal with passwords constructed from that information—and often succeeded in logging on.

On the other hand, a password such as 2a56u'"F($84u&#*Hiu44Ik%$([#EJD is sure to present great difficulty to an intruder (or an auditor). However, that password is so difficult to remember that it would be likely that the password owner would write that password down and tape it next to her keyboard. I worked for a business in which the safe combination was written on the ceiling tile over the safe; the manager could not remember it and was told he should not keep it on a piece of paper in his wallet. This is but one of many examples of poor security in the field.

The sysadmin has control, with settings in the /etc/shadow file, over how often the pass word must be changed. The settings can be changed with a text editor, the change command, or a configuration tool such as Fedora's User Manager, as shown in Figure 10.1. Click the Password Info tab under that particular user's Properties to set individual password policies.

Оглавление книги