Password History Policy Question

Dennis Putnam dennis.putnam at aimaudit.com
Fri Jan 18 08:29:38 EST 2008


On Jan 17, 2008, at 3:54 PM, John Hascall wrote:

> This is, indeed, a restriction.  If you need more, you need to change
> the code and recompile, etc.

No code here. I'll have to use that as en excuse to get an exception.

>
> In any event, unless you also set a minimum password lifetime, you
> can't guarantee a no reuse in a year anyway (I could change my  
> password
> 12 times in 12 minutes).

I have that covered.

>
> <soapbox>
> I realize that these sorts of password rules are often externally  
> dictated,
> but it's not clear to me (or many others) that they actually have a  
> positive
> effect on security).
> </soapbox>

<heckle>
Let me know when you convince non-technical security auditors.
</heckle>

>
>
> John
>




More information about the Kerberos mailing list