Does anyone know of a way or 3rd party software available that will do the following password related things.
1. In many UNIX's, there is a way to set password construction rules... such as all passwords must be at least 8 characters and must have at least 1 non alphabetic character...
2. Lockout a user's account when their password is typed incorrectly X amount of times. I have found pam modules for other OS's that do this, has anyone seen one available for Darwin/Mac OS X.
I am a pretty accomplished FreeBSD admin and what puzzles me is that if they were going to port over most of FreeBSD's userland, why didn't they take the /etc/login.conf functionality as well...GRRR. Heck, even Windows offers this ability. I hope I am simply mistaken.
I am asking this because I work for a company that builds computer systems for the Air Force (Major Defense Contractor). The systems often reside on classified networks and in general must comply with the US Gov'ts C2 requirements. The password related items I listed above are sticking points where Macs are concerned and since I like Macs, I am trying to get several macs that have been laying around onto one of these networks. While 10.3 did make some significant improvements where password security is concerned(shadowed passwords, MD5 hashes, etc...) it seems that Apple has a bit further to go where defense contracts are concerned. It just irks me when Linux or FreeBSD can do something that Mac OS X doesn't seem to be able to with me coding my pam modules.
I have no experience with OSX server... does the server offer this sort of granularity where account passwords are concerned? I know that with Netinfo, Mac's have the ability to many of the things that NIS can do, but does it surpass NIS(not C2 compliant) where centralized account management is concerned?
Any help I can get will help me out greatly... not to mention give me more ammunition to dog the NT admins.
Thanks in advance.
1. In many UNIX's, there is a way to set password construction rules... such as all passwords must be at least 8 characters and must have at least 1 non alphabetic character...
2. Lockout a user's account when their password is typed incorrectly X amount of times. I have found pam modules for other OS's that do this, has anyone seen one available for Darwin/Mac OS X.
I am a pretty accomplished FreeBSD admin and what puzzles me is that if they were going to port over most of FreeBSD's userland, why didn't they take the /etc/login.conf functionality as well...GRRR. Heck, even Windows offers this ability. I hope I am simply mistaken.
I am asking this because I work for a company that builds computer systems for the Air Force (Major Defense Contractor). The systems often reside on classified networks and in general must comply with the US Gov'ts C2 requirements. The password related items I listed above are sticking points where Macs are concerned and since I like Macs, I am trying to get several macs that have been laying around onto one of these networks. While 10.3 did make some significant improvements where password security is concerned(shadowed passwords, MD5 hashes, etc...) it seems that Apple has a bit further to go where defense contracts are concerned. It just irks me when Linux or FreeBSD can do something that Mac OS X doesn't seem to be able to with me coding my pam modules.
I have no experience with OSX server... does the server offer this sort of granularity where account passwords are concerned? I know that with Netinfo, Mac's have the ability to many of the things that NIS can do, but does it surpass NIS(not C2 compliant) where centralized account management is concerned?
Any help I can get will help me out greatly... not to mention give me more ammunition to dog the NT admins.
Thanks in advance.
