| View previous topic :: View next topic |
| Author |
Message |
cdelc040
n00b
Joined: 07 Feb 2005
Posts: 11
|
 Posted: Mon Nov 28, 2005 5:34 pm Post subject: Need help configuring PAM (Plugable Authentication Module) |
 |
|
I am trying to configure PAM on a server to only allow people to use "secure" passwords (at least one number, symbol, uppercase, and lowercase; length >= 8 ). I have been searching the internet and trying to follow instructions that are out there and it all seems so different than it should be. I have changed my /etc/pam.d/passwd file to be
| Code: | #%PAM-1.0
auth required pam_unix.so shadow nullok
account required pam_unix.so
password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=1 ocredit=1 lcredit=1 ucredit=1
password required pam_unix.so md5 use_authtok
session required pam_unix.so |
instead of
| Code: | #%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth |
According to many articles I've read it should have fixed the password security issue, but it didn't. I can enter just about any password (non-dictionary word) that I want (particularly just numbers and lowercase letters). Why? Can anyone help me? Thanks.
_________________
Chris Delcamp
Network Engineer & Gentoo Systems Admin |
|
| Back to top |
|
 |
cdelc040
n00b
Joined: 07 Feb 2005
Posts: 11
|
| Posted: Mon Nov 28, 2005 6:26 pm Post subject: Fixed |
|
|
Never mind. The problem is that if you want to enforce the restrictions I wanted you need to use negative numbers like this
| Code: | | password required pam_cracklib.so debug difok=3 retry=3 minlen=8 dcredit=-1 ocredit=-1 lcredit=-1 ucredit=-1 |
Answer was found at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html I hope this can help someone else out.
Also, if you are interested in password security checkout chage a utility to change a user's password expiration information.
_________________
Chris Delcamp
Network Engineer & Gentoo Systems Admin |
|
| Back to top |
|
|
|
Networking & Security
