Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Need help configuring PAM (Plugable Authentication Module)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
cdelc040
n00b
n00b


Joined: 07 Feb 2005
Posts: 11

PostPosted: Mon Nov 28, 2005 5:34 pm    Post subject: Need help configuring PAM (Plugable Authentication Module) Reply with quote

I am trying to configure PAM on a server to only allow people to use "secure" passwords (at least one number, symbol, uppercase, and lowercase; length >= 8 ). I have been searching the internet and trying to follow instructions that are out there and it all seems so different than it should be. I have changed my /etc/pam.d/passwd file to be
Code:
#%PAM-1.0

auth     required pam_unix.so shadow nullok
account  required pam_unix.so
password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=1 ocredit=1 lcredit=1 ucredit=1
password required pam_unix.so md5 use_authtok
session  required pam_unix.so

instead of
Code:
#%PAM-1.0

auth       include      system-auth
account    include      system-auth
password   include      system-auth

According to many articles I've read it should have fixed the password security issue, but it didn't. I can enter just about any password (non-dictionary word) that I want (particularly just numbers and lowercase letters). Why? Can anyone help me? Thanks.
_________________
Chris Delcamp
Network Engineer & Gentoo Systems Admin
Back to top
View user's profile Send private message
cdelc040
n00b
n00b


Joined: 07 Feb 2005
Posts: 11

PostPosted: Mon Nov 28, 2005 6:26 pm    Post subject: Fixed Reply with quote

Never mind. The problem is that if you want to enforce the restrictions I wanted you need to use negative numbers like this
Code:
password required pam_cracklib.so debug difok=3 retry=3 minlen=8 dcredit=-1 ocredit=-1 lcredit=-1 ucredit=-1

Answer was found at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html I hope this can help someone else out.

Also, if you are interested in password security checkout chage a utility to change a user's password expiration information.
_________________
Chris Delcamp
Network Engineer & Gentoo Systems Admin
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum