>
> We have a cracking engine running against our password 'file' where
> 'file' is the NIS passwords list. I'm not going to divulge in
> public what technology we use.
Is lcg-rollout at all list to which such specific incidents should be
reported? Why the discussion did not continue on security contacs lists,
which is the only appropriate for security incidents? We can discuss general
things on rollout, what to do and what not, but operational things should be
done accoriding to the manuals...
Regards, Antun
>
> > In my experience
> > users are uncomfortable with such practices (and in some
> > countries this is a grey legal area involving privacy
> > issues). A more convenient and easy solution is the
> > employment of a tool like pam cracklib to prevent weak
> > passwords from ever being set, rather than devoting effort
> > into cracking them later and chasing people to change them.
>
> See above.
>
> Martin.
>
> --
> Martin Bly | RAL Tier1 Systems Team
> T: +44|0 1235 446981 | F: +44|0 1235 446626
>
> >
------- End of Original Message -------
|