I was looking for a good list of words to exclude people from using as passwords, i.e. those that could be guessed easily. I'm working through a whole bunch of suggestions from
skullsecurity.org, but I managed to find
this page that seems to suggest I have more options than I thought.
I have a server built at AIX 6.1.3.0, but recently brought up to AIX 6.1.7.5, so I think I qualify, but there have been no changes to /etc/security/user by the update.
Adding a record in the
default: stanza for
minloweralpha has no effect.
Back on quest for a dictionary list, the suggestions on the document are shown for excluding the sequence "123" from a user selected password, but I can't get that to work either. Does anyone have it working and can point out why I am being a fool?
My personal stanza in /etc/security/user has a dictionlist definition and I can prove that it is effective for excluding specific words, such as
password but I'd prefer to craft some woolly rules to exclude our usual suspects like "July2012" etc.
Am I just missing something obvious? I have just installed bos.data from the original media, which has given me a /usr/share/dict/words file full of all sorts of stuff, but they are all explicit exclusions and I still can't get either of the above to work.
..... and why does
: wall : appear as a question box now?
Many apologies and thanks, in advance,
Robin
Liverpool/Blackburn
UK