View previous topic :: View next topic |
Author |
Message |
nash11 n00b
Joined: 30 May 2006 Posts: 26 Location: hk
|
Posted: Tue Aug 01, 2006 6:16 am Post subject: Change password policy |
|
|
When I force the user to change the password , the user will prompt the message (BAD PASSWORD: it is based on a dictionary word) , I understand this is a security reason to probit simple password , but if I want to disable this restriction ( that means the linux system allow any dictionary word ) , what can I do ? thx. |
|
Back to top |
|
|
Janne Pikkarainen Veteran
Joined: 29 Jul 2003 Posts: 1143 Location: Helsinki, Finland
|
Posted: Tue Aug 01, 2006 9:06 am Post subject: |
|
|
See file /etc/pam.d/system-auth - the line containing pam_cracklib.so is the one you want to modify. For documentation about pam_cracklib and its options, browse /usr/share/doc/pam-<your-installed-pam-version>. _________________ Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.". |
|
Back to top |
|
|
nash11 n00b
Joined: 30 May 2006 Posts: 26 Location: hk
|
Posted: Wed Aug 02, 2006 2:25 am Post subject: |
|
|
I would like to have one more requirement , the default password length is at least 7 characters, if I want to change the default setting , that the system accept the password length is 6 characters , what can i do ? thx |
|
Back to top |
|
|
Janne Pikkarainen Veteran
Joined: 29 Jul 2003 Posts: 1143 Location: Helsinki, Finland
|
Posted: Wed Aug 02, 2006 6:54 am Post subject: |
|
|
Change the pam_cracklib.so minlen parameter in /etc/pam.d/system-auth file. _________________ Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.". |
|
Back to top |
|
|
nash11 n00b
Joined: 30 May 2006 Posts: 26 Location: hk
|
Posted: Wed Aug 02, 2006 12:14 pm Post subject: |
|
|
thx reply ,
the password length is Ok now , thx for help.
I would like to ask again , now my system accept the numerics only or characters only password , for example , the password can be 741852 ( all numerics ) or poiuyt ( all characters ) , if I want to control the password MUST have BOTH characters AND numerics , what can I do ? thx |
|
Back to top |
|
|
Janne Pikkarainen Veteran
Joined: 29 Jul 2003 Posts: 1143 Location: Helsinki, Finland
|
Posted: Wed Aug 02, 2006 12:19 pm Post subject: |
|
|
Not to be rude or anything, but did you read at all the documentation I pointed you at earlier?
Anyway, this is a copy-paste from /usr/share/doc/pam-<my-pam-version>/txt/README.pam_cracklib.gz:
Code: |
dcredit=N
ucredit=N
lcredit=N
ocredit=N Weight, digits, upper, lower, other characters with
count N. Use these values to compute the
'unsimplicity' of the password. |
You can put those parameters to /etc/pam.d/system-auth pam_cracklib.so line. For your use dcredit and/or u/lcredit values are the most important. _________________ Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.". |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|