
     _________________________________________________________________
   
                       Npasswd Questions And Answers
     _________________________________________________________________
   
General issues
   ___________________________________
   
   Q. My system has shadow passwords. Why would I need npasswd?
   
   A. Shadow passwords makes it harder for a bad guy to obtain encrypted
   passwords. But that protection is a function of the UNIX file system.
   There are a number of "root kits" available for intruders to gain
   super-user privileges on your system so they can get a copy of your
   password and shadow files.
   
   Combining intelligent password checking with a shadow database
   provides the best protection short of one-time use passwords or
   challenge/response smart card systems.
   ___________________________________
   
   Q. Is npasswd compatible with the passwd program supplied by my system
   vendor?
   
   A. The basic functionality of the passwd program (changing passwords)
   is the same. However, many vendor passwd programs have specialty
   options that npasswd does not. This is usually because the option is
   ill-documented or very esoteric and a hard to replicate. The npasswd
   installation procedure will preserve the vendor programs in the
   npasswd installation directory. These programs will be invoked to do
   what npasswd cannot.
   ___________________________________
   
   Q. Are there npasswd binaries that I can drop in?
   
   A. Npasswd is distributed in source for the following reasons:
     * There are customizations which must be chosen at compilation time.
       I consider these options important for the installer to be aware
       of, even though they probably will not need to be changed.
     * I did not want to arbitrarily decide where you want to install
       npasswd. You have the option of changing the default to suit your
       needs. For example, the location of the password history database
       is dependent upon system configuration.
   ___________________________________
   
   Q. How much do I need to know to build and install npasswd?
   
   A. A lot of work has gone into making npasswd easier to build, install
   and maintain. However, this is not a "turn the crank and go" process.
   You should be familiar with your C compiler and make.
   ___________________________________
   
   Q. What support is available?
   
   A. Bug reports will be investigated on a time-available basis. See the
   [1]Npasswd Support Guide.
   ___________________________________
   
   Q. Is there any maintenance required?
   
   A. The password history database must be purged periodically. Use the
   history_admin program for this purpose. See [2]history_admin(1).
   ___________________________________
   
Password checking
   ___________________________________
   
   Q. Can I use Crack dictionaries with npasswd?
   
   A. Yes, but not directly. The dictionary hash format used by Crack is
   optimized to conserve disk space. The npasswd dictionary hash format
   is optimized for lookup speed. Crack dictionaries can be converted for
   use by npasswd.
   
   See the [3]Npasswd Administration Guide for the conversion procedure.
   ___________________________________
   
   Q. How many dictionaries do I need or want?
   
   A. As many as you can stand. You can have multiple dictionaries, each
   generated from a distinct word list, or one large combined dictionary.
   A number of smaller dictionaries allows easier customization than one
   big dictionary.
   ___________________________________
   
   Q. How does the size of my dictionaries affect password security?
   
   A. More dictionary words equals greater password security. It may also
   mean greater frustration in your user community because npasswd will
   reject more passwords.
   ___________________________________
   
   Q. Why are there words in the dictionary which are shorter than the
   minimum password length? Wouldn't it save disk space to remove these
   short words from the dictionaries?
   
   A. Several permutations are made on each dictionary word. For example,
   "quick" is too short to be a password, (minimum length is 6), but
   "quickly" is long enough and would be found by the test of the plural
   form of the word "quick" from the dictionary. If bad guys have "quick"
   in their Crack dictionaries, and you don't - your system can be in
   trouble.
   ___________________________________
   
   Q. Why is npasswd so picky about accepting passwords?
   
   A. Because the bad guys who are trying to get your passwords are using
   some very thorough tools like Crack. The dictionary check code in
   npasswd was written by the author of Crack, and performs the same
   checks. Given sufficient dictionaries, if npasswd accepts a password
   there is a good chance that Crack will not guess it.
   ___________________________________
   
   Q. What kind of passwords will npasswd accept?
   
   A. A mixture of upper and lower case alphas, with a sprinkling of
   punctuation characters and digits will usually pass muster. Control
   and whitespace characters can also be included, but should be used
   with caution - some applications which read passwords may not deal
   with these very well.
     _________________________________________________________________
   
   [4][LINK]Top    [5][LINK]Home
   ______________________________________________________________________
   
   Document id @(#) QNA.html 1.5
   Version 1.5
   Last modified 07/20/98
   
   
    [6]Clyde Hoover
    [7]Academic Computing Services and Instructional Technology Services
    [8]The University of Texas at Austin
    [9]Copyright 1998, The University of Texas at Austin. All rights
    reserved.

References

   1. file://localhost/./Support.html
   2. file://localhost/./history_admin_1.html
   3. file://localhost/./AdminGuide.html
   4. file://localhost/./QNA.html#top
   5. file://localhost/./TOC_std.html
   6. mailto:c.hoover@cc.utexas.edu
   7. http://www.utexas.edu/cc
   8. http://www.utexas.edu/
   9. file://localhost/./Copyright.html
