[29093] in Kerberos


Re: Password History Policy Question

daemon@ATHENA.MIT.EDU (Dennis Putnam)
Fri Jan 18 08:30:48 2008

Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <28540.1200603287@malison.ait.iastate.edu>
Message-Id: <12910924-15CE-4023-984A-45C63002B0D3@aimaudit.com>
From: Dennis Putnam <dennis.putnam@aimaudit.com>
Date: Fri, 18 Jan 2008 08:29:38 -0500
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu


On Jan 17, 2008, at 3:54 PM, John Hascall wrote:

> This is, indeed, a restriction.  If you need more, you need to change
> the code and recompile, etc.

No code here. I'll have to use that as an excuse to get an exception.

>
> In any event, unless you also set a minimum password lifetime, you
> can't guarantee a no reuse in a year anyway (I could change my password
> 12 times in 12 minutes).

I have that covered.

>
> <soapbox>
> I realize that these sorts of password rules are often externally dictated,
> but it's not clear to me (or many others) that they actually have a positive
> effect on security.
> </soapbox>

<heckle>
Let me know when you convince non-technical security auditors.
</heckle>

>
>
> John
>

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
