[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] cracklib question

Subject: Re: [cobalt-security] cracklib question
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
Date: Sat, 2 Mar 2002 09:40:33 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

"Render-Vue" <sales@xxxxxxxxxxxxxx> wrote:
> Been checking out a server for one of my friends - he has leased it from a
> well known colo centre.
>
> I've just been installing IPChains, chkrootkit, ssh, logcheck and all the
> other essentials for him - so he doesn't have to got through some of the
> heartache I went through after leasing some servers.
>
> Had a snoop through some of the directories as su (ssh2 of course) and
> found these 3 files hidden away in usr/lib
>
> cracklib_dict.hwm
> cracklib_dict.pwd
> cracklib_dict.pwi
>
> Now I know this is for testing passwords for vulnerabilities - surely this
> wouldn't be standard installation files would it?

They're nothing to worry about.  They're pre-installed and used by the
program "passwd" so that users are warned when they try to create weak
passwords.  It's a good thing.  If you check your RaQ you should find the
same files.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

References:
- [cobalt-security] cracklib question
  - From: Render-Vue

Prev by Date: Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password
Next by Date: Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password
Previous by thread: Re: [cobalt-security] cracklib question
Next by thread: [cobalt-security] chkrootkit keeps complaining about hidden processes

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index