U.S. Department of Energy Computer Incident Advisory Capability

Unix Tools


Authentication Tools

anlpasswd
Crack
cracklib
Kerberos
npasswd
obvious-pw
OPIE
passwd+
pidentd
S/Key
shadow
sra

anlpasswd

The anlpasswd program (formerly perl-passwd) from Argonne National Laboratory. A proactive password checker that refuses to let users choose "bad" passwords.

[Information]
[Download]


Crack

The Crack program by Alec Muffett. A password-cracking program with a configuration language, allowing the user to program the types of guesses attempted.

[Download]


cracklib

The cracklib distribution by Alec Muffett. A library of functions that can be called from passwd-like programs to try to prevent users from choosing passwords that Crack would be able to guess.

[Download]


Kerberos

Kerberos is a network authentication system for use on physically insecure networks, based on the key distribution model presented by Needham and Schroeder. It allows entities communicating over networks to prove their identity to each other while preventing eavesdropping or replay attacks. It also provides for data stream integrity (detection of modification) and secrecy (preventing unauthorized reading) using cryptography systems such as DES.

[Information]
[Download]


npasswd

The npasswd program by Clyde Hoover. A plug-compatible replacement for passwd that refuses to accept "bad" passwords. Includes support for System V Release 3 password aging and Sun's Network Information Service (NIS).

[Information]
[Download]


obvious-pw

The obvious-pw function by John Nagle. This function depends upon a subtle property of English. Less than one-third of the possible "triples," sequences of three letters, are used in English words. This property makes it possible to distinguish random letter strings from strings that look like English words. The idea is to reject passwords that "look like" English words.

[Download]


OPIE

OPIE (One Time Passwords in Everything) is an S/Key derivative (the name was changed to avoid trademark infringement) developed at the US Naval Research Laboratory (NRL) over the past few years. OPIE implements the IETF One-Time Passwords (OTP) standard as per RFC 1938 and runs out of the box on most versions of UNIX. OPIE supports MD5 in addition to MD4 and has a number of other security enhancements when compared with the original Bellcore S/Key.

[Download]


passwd+

The passwd+ program by Matt Bishop. A proactive password checker that is driven by a configuration file to determine what types of passwords are and are not allowed. The configuration file allows the use of regular expressions, the comparison of passwords against the contents of files (e.g., dictionaries) and the calling of external programs to examine the password.

[Download]


pidentd

The pident daemon by Peter Eriksson. Implements an RFC 1413 identification server that can be used to query a remote host for the identification of the user making a TCP connection request.

[Download]


S/Key

The S/Key one-time password system from Bellcore. Implements one-time passwords for Unix systems. Includes one-time password generator programs for PCs and Macs. Be sure to check out OPIE for a better replacement for S/Key with additional security enhancements.

[Information]
[Download]


shadow

The shadow program by John F. Haugh, II. A replacement for login and passwd that can enable any system to use shadow password files. Includes support for shadow password files, shadow group files, DBM password files, double length passwords, and password aging.

[Download]


sra

Part of the TAMU tool set. sra provides secure RPC authentication for FTP and TELNET.

[Information]
[Download]


Last modified: Monday, 10-Mar-97 12:31:03 PST
CIAC / webmaster@ciac.llnl.gov