How does an admin enforce better passwords and password management?
There are several techniques an admin can employ to force users to choose better passwords, and several packages that can be installed and configured on most Unix systems to better secure passwords. One of the first techniques is to enforce password aging. The details vary from system to system, but the basic idea of password aging is that a password can be made to “expire”, which forces the user to change it periodically. The security advantage is that if users change their passwords every 30 days, a stolen password file is obsolete after a month (in theory; see the next question). Password aging alone is not real security unless it is used in conjunction with other password techniques. Some systems allow a minimum password length to be specified, certain dictionary words to be disallowed, or even passwords perceived as “crackable” to be rejected. This in combination with password aging can help ensure that a user’s password is probably going to be aged and therefore
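As an added example (not part of the original FAQ), the shell function below audits password-aging settings against the 30-day interval mentioned above. It assumes the Linux shadow(5) field layout, which is one system's format and not universal; the names `audit_aging` and `sample_shadow`, the sample accounts and the fixed day number are constructed for illustration.

```shell
#!/bin/sh
# Assumed layout (Linux shadow(5)); other Unix systems store aging differently:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg = day of last change, counted in days since 1970-01-01
# max     = maximum password age in days

# audit_aging FILE POLICY_MAX_DAYS TODAY_DAYS   (FILE may be "-" for stdin)
# Prints "name: finding" for every account with a usable password that has
# no effective aging, a max age above policy, or a password older than policy.
audit_aging() {
    awk -F: -v policy="$2" -v today="$3" '
        # Locked accounts (hash field starts with ! or *) cannot log in; skip.
        $2 ~ /^[!*]/ { next }
        # An empty max field, or 99999 by convention, means "never expires".
        $5 == "" || $5 + 0 >= 99999 { print $1 ": no aging configured"; next }
        $5 + 0 > policy + 0 { print $1 ": max age " $5 " exceeds policy " policy; next }
        # lastchg of 0 forces a change at next login, so it is not stale.
        $3 != "" && $3 + 0 > 0 && today - $3 > policy + 0 {
            print $1 ": password is " (today - $3) " days old"
        }
    ' "$1"
}

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$hashA:19700:0:99999:7:::
alice:$6$CONSTRUCTED$hashB:19990:0:30:7:::
bob:$6$CONSTRUCTED$hashC:19900:0:90:7:::
carol:$6$CONSTRUCTED$hashD:19900:0:30:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Demo with a fixed "today" (day 20000) so the result is reproducible.
# On a live system, run as root:
#   audit_aging /etc/shadow 30 "$(( $(date +%s) / 86400 ))"
sample_shadow | audit_aging - 30 20000
```

In the sample, alice passes because her password is 10 days old under a 30-day maximum, and carol is reported even though her maximum is within policy because the password has not actually been changed for 100 days.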