Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Aug 2007 14:25:23 -1000
From: Don Colton <don@...ton.byuh.edu>
To: john-users@...ts.openwall.com
Subject: dynamic password list

Aloha,

I administer a linux server that has 100+ student accounts.  I am
using john to identify weak passwords, whereupon I notify the student
and eventually suspend uncorrected accounts.  This helps me teach the
students how to pick a good password, and helps me enforce it.

My current approach is to simply run john in the background forever,
manually restarting it occasionally (say once every month or two).  I
run -show via cron once a day and feed the results into a script.

When students change their passwords, it appears that john eventually
dynamically recognizes changes to /etc/shadow and includes them in its
processing without requiring a restart.  This does not seem to happen
as frequently as I would like.

What I would like to happen is this, roughly.

   When /etc/shadow changes, I would like john to notice within a few
   minutes and shift into pre-incremental mode to handle the new
   password(s).  Then resume regular incremental mode.

Does john already do this?

If not, is there already a way to make this happen?

Would it help if I run a second copy of john in single mode on each
new password as I notice it?

If I understand correctly, non-incremental mode runs to completion
relatively quickly, and then incremental mode continues pretty much
forever after that.

Would it help if I run a second copy of john in non-incremental mode
every night, and leave the first copy of john in incremental mode?

Thanks!  Don

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ