From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice
Date: Wed, 11 Aug 2010 22:30:26 +0200
Message-Id: <201008112230.26977.alan.mckinnon@gmail.com>
In-Reply-To: <4C62E90A.20601@gmail.com>

On Wednesday 11 August 2010 20:16:42 Dale wrote:
> Stroller wrote:
> > On 10 Aug 2010, at 20:22, Hazen Valliant-Saunders wrote:
> >> ...
> >> Good Luck getting people to change them frequently and having your
> >> techs and IT departments meeting complexity and length policy.
> >
> > I'm pretty sure that's a trivial setting for expiration policy and a
> > PAM plugin or option to enforce complexity.
> >
> > Stroller.
>
> Thing about changing passwords too often, the person forgets what the
> password is. I have a good strong password for my bank and credit
> card. If I had to change it every month, six months or something, I
> would set it to something simple so that I could remember what the
> password is. Then I would write it down to help me remember it as well.
>
> Changing the password often can actually lead to other issues.

I refuse to implement password expiration policies and have a vast array
of literature to back me up when some dimwit damager gets on his
expiration high horse.

My users pick their own passwords - I present a list of 5 from apg and
let them pick one. Accounts do expire if they go unused for 90 days, but
not passwords.

What put me onto this policy? I found Gartner recommending password
expiration. I find the best security possible is always the opposite of
what Gartner says. Discovering how the AD admins in the company go about
their jobs was the convincing straw :-)

-- 
alan dot mckinnon at gmail dot com