Yes, Further to Lars - I would DEFINITELY either remove users with weak passwords, i.e. default system users like informix, (assuming you're not using informix, obviously), or give them a decent, i.e. minimum 8 characters, upper/lower cased letters and numbers mixed. If you're in doubt about removing users just give them a password, i.e. you're superuser password. If someone gets you're SU password the jigs pretty much up anyway.... What is your thinking behind not letting your users know about weak passwords, just as a matter of interest? Andy
>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On Mon, Nov 18, 2002 at 09:48:45AM -0600, Linux User wrote:
Hi guys... I install seccheck on my suse email server.. and it seems that one of it's security test it check for weakness passwords, and send to
On 11/18/02, 5:24:27 PM, Lars Ellenberg
users an email with something like:
How could I stop that process to send an email to each user ?
afair, rpm -e john ...
if it is not there, it cannot check your passwords :) probably mv /usr/sbin/john{,.the.ripper} will do, too ...
rpm -i john: "John the Ripper" detects weak passwords like first names, common expressions etc. on your system.
uhm, do you really want to have those passwords on your machine?
hth, Lars
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here