[BozemanLUG] How to get over the PAM password management hump for PCI Data Security Standard compliance?

Patrick Pitman patrick at e-businesscoach.com
Wed Jan 16 16:21:33 MST 2008


Hi,

Can anyone please describe a stable Linux (preferably Red Hat)  
environment that meets all the Payment Card Industry's Data Security  
Standard concerning configuration of PAM for password /  
authentication features? Can you share how you've approached reaching  
compliance in this area, section 8.5?

Specifically, sections of the PCI DSS standard 8.5.3, 8.5.9, 8.5.10,  
etc. describe requirements for controlling passwords for system login  
that we find challenging, and would welcome input from others who may  
have already solved the problem. Sections 8.5.12, 8.5.13, and 8.5.14  
describe requirements that would seem solvable with the latest  
version of PAM, but that isn't widely deployed yet in stable Linux  
environments.

As background for what I'm talking about:
https://www.pcisecuritystandards.org/tech/index.htm
http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
http://www.kernel.org/pub/linux/libs/pam/

*A consulting contract is a possible outcome of this question. If you  
don't know, perhaps you could flip this to a friend who might make a  
buck off helping us get the answer. . .

~ Patrick



---
Patrick Pitman
1-877-816-8161 ext. 3

Retail merchants grew web sales +49% on average in 2006, with
our turnkey e-commerce hosting, software, and marketing coaching.
http://www.e-businesscoach.com/



