Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!lll-winken!uunet!cos!hqda-ai!jay
From: jay@hqda-ai.UUCP (Jay Heiser)
Newsgroups: comp.unix.questions
Subject: Re: Need help with password aging
Summary: Passwd aging might be better than nothing!
Keywords: /etc/passwd, security
Message-ID: <25129@hqda-ai.UUCP>
Date: 27 Mar 89 20:17:15 GMT
References: <179@camdev.UUCP> <9059@alice.UUCP> <3275@ttrdc.UUCP> <9871@smoke.BRL.MIL>
Reply-To: jay@hqda-ai.ARPA (Jay Heiser)
Organization: CBSI@Washington, D.C.
Lines: 22

I haven't seen any mention of it yet, but Kochan & Wood have an
excellent text out called "UNIX System Security". Hardbound, it's
approx $35 & seems to be available in many computer bookstores. If
your OS supports aging, then this is a must buy.

When I inherited a 1000 user + Office Automation system, I also
inherited approximately 500 identical passwords. They called it the
'default password'. It wasn't easy, but I talked them out of assigning
those. I still have MANY group logins that are shared by OA innocents.
Although that is ausdrucklich verboten, there isn't much I can do to
catch it.

Password aging works very well on both of those problems. System VR2 &
VR3 force users to choose at least 6 chars, at least one of which is
non-alpha, certain number of characters must differ from the old one,
etc.

Aging isn't permanent, but it appears to be the best solution for this
site. Now, if OFFICEPOWER only supported it, we'd have something.

(WARNING: many applications, such as CCI's OFFICEPOWER, not only don't
support it, they defeat it. OP actually deletes the aging info for ALL
users from the passwd file.)
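
Added example, not part of the post above and not code from any product it mentions: a check for the failure described in the closing warning, comparing a saved copy of the passwd file with the current one and listing logins whose aging information has disappeared. It assumes the System V passwd(4) layout, in which aging data follows a comma in the password field; the function names and the sample entries are constructed for illustration.

```python
# Added example: audit passwd snapshots for stripped password-aging fields.
# Assumed layout (System V passwd(4)): password field is "hash,Mmww" where
# M = max weeks, m = min weeks, ww = week of last change since 1970.
A64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def a64_value(chars):
    """Decode a64l-style text (least significant character first)."""
    return sum(A64.index(ch) << (6 * i) for i, ch in enumerate(chars))

def parse_aging(pw_field):
    """Return (max_weeks, min_weeks, last_change_week), or None if absent/malformed."""
    _, sep, age = pw_field.partition(",")
    if not sep or len(age) < 2:
        return None
    try:
        return a64_value(age[0]), a64_value(age[1]), a64_value(age[2:])
    except ValueError:          # character outside the aging alphabet
        return None

def load(passwd_text):
    """Map login name -> parsed aging tuple (or None) for each passwd entry."""
    table = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:    # skip blank or damaged lines
            table[fields[0]] = parse_aging(fields[1])
    return table

def aging_stripped(baseline_text, current_text):
    """Logins whose aging suffix was present in the baseline and is gone now."""
    before, after = load(baseline_text), load(current_text)
    return sorted(user for user, age in before.items()
                  if age is not None and after.get(user, age) is None)

# Constructed sample data: hashes are placeholders, not real crypt(3) output.
BASELINE = """\
root:aaaaaaaaaaaaa,A.dD:0:0:Super User:/:/bin/sh
clerk1:bbbbbbbbbbbbb,6.cD:101:20:OA user:/usr/clerk1:/bin/sh
guest:ccccccccccccc:102:20:No aging set:/usr/guest:/bin/sh
"""
CURRENT = """\
root:aaaaaaaaaaaaa:0:0:Super User:/:/bin/sh
clerk1:bbbbbbbbbbbbb:101:20:OA user:/usr/clerk1:/bin/sh
guest:ccccccccccccc:102:20:No aging set:/usr/guest:/bin/sh
"""

if __name__ == "__main__":
    for user in aging_stripped(BASELINE, CURRENT):
        print(f"{user}: aging information removed since baseline")
```

Run against a baseline saved before an application is installed or upgraded, this flags the accounts that need their aging settings restored.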