Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
RE: [suse-security] Allow MAC addresses through SuSEfirewall2
  • From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
  • Date: Mon, 7 Mar 2005 03:20:43 +0100 (CET)
  • Message-id: <Pine.LNX.4.58.0503070305210.7405@xxxxxxxxxxxxxxxx>

The Sunday 2005-03-06 at 14:18 -0000, Thomas Knight wrote:

> > There are settings in Yast (profesional version) to force users to have
> > "safer" passwords. I supposse the enterprise version has similar settings.
> >
> > Also, you could set up ssh to not accept login/password entry, but public
> > key instead.
>
> I'm with you there.
> What I mean is if I use username/password they'll just save the password
> somewhere.

You can also force them to change the passwords every two weeks :-P

I remember once, while working for a certain important company (US based
multinational), we were issued passwords for accessing certain machines
(not exactly computers). A "boss" gave us big envelopes. Inside, there
was a sealed envelope (secret and confidential) and a booklet explaining
how to safely use passwords, how to choose them, how to keep them... etc.
We had to sign and return a form as "read and understood". The sealed
envelope contained the passwords, of course. I'm unsure now if the person
that gave us the envelopes waited nearby till we returned the forms while
keeping an eye on us, but I think he did...

Sounds too paranoic? :-)

Actually, I saw more "paranoic" measures from them a few years later on.


> If they use PPK they'll "forget" to specify a passphrase for their private
> key, which is out of my control.

Yes, that's a thing I noticed recently. The sshd server can not force the
client to use a long passphrase, I understand.


> Hey, I'll log all access and they'll have limited privs. We do what we can!

Yap :-)

>
> Ta for the thoughts,

Welcome.

--
Cheers,
Carlos Robinson

< Previous Next >
References