Can password security be improved using MDE in suse70
I understand that the password security of Linux can be improved in RH70 by selecting MDE, kerberos or something similar. I personally am a little tired of having to restrict passwords to max 8 characters because it reduces the security of the password. If anybody knows how to improve the password security on a SuSE 7.0 system I would appreciate the information.
Thanks in advance
Bo Jacobsen
bjc@image.dk
You mean MD5. Yes, you can have passwords bigger than 8 chars if you use MD5 hashes instead of crypt. You can also get the same kind of behavior if you use "bigcrypt". bigcrypt allows you to use passwords up to around 100 chars, MD5 allows passwords up to around 128 chars. I am not sure about the exact size of the password you are allowed to use, but I know these numbers are close. BTW, MD5 is a selectable option in Redhat since version 5.2/6.0 (one of those.. it's nothing new). The /usr/doc/packages/pam/README.md5 has more information about using MD5 passwords.
-miah
On Sun, Nov 26, 2000 at 06:05:58PM +0100, Bo Jacobsen wrote:
> I understand that the password security of Linux can be improved in RH70 by selecting MDE, kerberos or something similar.
> I personally am a little tired of having to restrict passwords to max 8 characters because it reduces the security of the password.
> If anybody knows how to improve the password security on a SuSE 7.0 system I would appreciate the information.
> Thanks in advance Bo Jacobsen bjc@image.dk
On Sun, 26 Nov 2000, Bo Jacobsen wrote:
> I personally am a little tired of having to restrict passwords to max 8 characters because it reduces the security of the password.
Check /usr/share/doc/packages/pam for documentation. Specifically README.md5 tells you what you need to do to enable it.
Jonathan Conway
> If anybody knows how to improve the password security on a SuSE 7.0 system I would appreciate the information.
This is how I did it. I hope I did not unintentionally open myself up, but at least it works. Edit /etc/pam.d/login and edit the line that says
    password required /lib/security/pam_pwcheck.so nullok md5
The md5 was added by me. I did this because in /etc/login.defs there was a comment saying
    # number of significant characters in the password for crypt()
    # ....etc ignored if the "md5" option is given to the pam_pwcheck option
Obviously I wanted to use md5, thus I added my option and now I can use longer passwords.
Hi semat,
> This is how I did it. I hope I did not unintentionally open myself up, but at least it works. Edit /etc/pam.d/login and edit the line that says password required /lib/security/pam_pwcheck.so nullok md5
> The md5 was added by me. I did this because in /etc/login.defs there was a comment saying # number of significant characters in the password for crypt() # ....etc ignored if the "md5" option is given to the pam_pwcheck option. Obviously I wanted to use md5, thus I added my option and now I can use longer passwords.
I just tried your solution and changed my /etc/pam.d/login to password required /ib/security/pam_pwcheck.so nullok md5 use_cracklib without any success. The passwords get cut to 8 characters. I am using SuSE 7.0 and of course I'm interested in using longer passwords. Any ideas?
* * Your Formel4 Team * mailto:info@formel4.de *
Did you read the mail from Jonathan Conway from Sunday 23:45 ???
rise wrote:
> On Sun, 26 Nov 2000, Bo Jacobsen wrote:
>> I personally am a little tired of having to restrict passwords to max 8 characters because it reduces the security of the password.
> Check /usr/share/doc/packages/pam for documentation. Specifically README.md5 tells you what you need to do to enable it.
> Jonathan Conway
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
> For additional commands, e-mail: suse-security-help@suse.com
I did it as explained there and it worked! Don't forget to restart rcnscd if it's running! What I did was simple:
    cd /etc/pam.d
    for f in /usr/share/doc/packages/pam/md5.config/* ; do mv `basename $f` `basename $f`,SuSE-7.0.orig ; cp $f . ; done
    rcnscd restart
that was it! Hope this helps!
richard
--
Richard Ems ... e-mail: r.ems@gmx.net ... Fachbereich Informatik, Universität Hamburg
Unix IS user friendly. It's just selective about who its friends are.
Hi,
> I did it as explained there and it worked! Don't forget to restart rcnscd if it's running!
Oh dear, it's Monday. Ok. nscd restarted and everything works fine. Sorry for my noise. cu
* * Your Formel4 Team * mailto:info@formel4.de *
You also need to change /etc/pam.d/passwd to include the md5 stuff as well:
    [root@inflammation texts]# cat /etc/pam.d/passwd
    #%PAM-1.0
    auth required /lib/security/pam_pwdb.so shadow nullok
    account required /lib/security/pam_pwdb.so
    password required /lib/security/pam_cracklib.so retry=3
    password required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
You could alternatively read the documentation at /usr/doc/packages/pam/readme.md5.
-miah
On Mon, Nov 27, 2000 at 03:31:07PM +0100, Ralf Koch wrote:
> Hi semat,
>> This is how I did it. I hope I did not unintentionally open myself up, but at least it works. Edit /etc/pam.d/login and edit the line that says password required /lib/security/pam_pwcheck.so nullok md5
>> The md5 was added by me. I did this because in /etc/login.defs there was a comment saying # number of significant characters in the password for crypt() # ....etc ignored if the "md5" option is given to the pam_pwcheck option. Obviously I wanted to use md5, thus I added my option and now I can use longer passwords.
> I just tried your solution and changed my /etc/pam.d/login to password required /ib/security/pam_pwcheck.so nullok md5 use_cracklib
> without any success. The passwords get cut to 8 characters. I am using SuSE 7.0 and of course I'm interested in using longer passwords.
> Any ideas?
> * * Your Formel4 Team * mailto:info@formel4.de *
> I just tried your solution and changed my /etc/pam.d/login to password required /ib/security/pam_pwcheck.so nullok md5 use_cracklib
I hope this was a typo, i.e. it should be /lib not /ib, and use_cracklib should be on the same line as the rest. Please read /usr/share/doc/packages/pam/README.md5. I read it yesterday after answering your question and I found it interesting. I think it contains the answer to your question.
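As an added example (not part of any poster's message and not SuSE's own tooling), the following script checks the two things this thread turns on: which `password` lines in a PAM directory still lack the `md5` option, and which shadow entries still hold a 13-character crypt() hash, since an account keeps its old hash until its password is next changed. The sample files, user names and hash strings are constructed, and including pam_unix.so in the module list is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit PAM password stacks and shadow
# hashes after switching to MD5. All sample data below is constructed.

# Print "file:line" for each 'password' line that calls pam_pwcheck.so or
# pam_pwdb.so (from the thread) or pam_unix.so (assumption) without 'md5'.
pam_lines_missing_md5() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v name="$(basename "$f")" '
            $1 == "password" && $3 ~ /pam_(pwcheck|pwdb|unix)\.so$/ {
                has = 0
                for (i = 4; i <= NF; i++) if ($i == "md5") has = 1
                if (!has) print name ":" NR
            }' "$f"
    done
}

# Print "user scheme" per shadow entry. "$1$" marks MD5-crypt; a 13-character
# hash is traditional crypt(), which only uses the first 8 characters.
shadow_schemes() {
    awk -F: '
        $2 ~ /^\$1\$/ { print $1, "md5"; next }
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" { print $1, "des"; next }
        { print $1, "other" }' "$1"
}

# Constructed sample files in a scratch directory, then both checks.
demo=$(mktemp -d)
mkdir "$demo/pam.d"
printf '%s\n' '#%PAM-1.0' \
    'password required /lib/security/pam_pwcheck.so nullok' > "$demo/pam.d/login"
printf '%s\n' '#%PAM-1.0' \
    'password required /lib/security/pam_cracklib.so retry=3' \
    'password required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow' \
    > "$demo/pam.d/passwd"
cat > "$demo/shadow" <<'EOF'
alice:$1$constrct$0123456789abcdefghijkl:11287:0:99999:7:::
bob:ab0123456789A:11287:0:99999:7:::
daemon:*:11287:0:99999:7:::
EOF
pam_lines_missing_md5 "$demo/pam.d"
shadow_schemes "$demo/shadow"
rm -rf "$demo"
```

On a real system the arguments would be /etc/pam.d and /etc/shadow, the latter readable only by root.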
participants (6)
- Bo Jacobsen
- jjohnson@penguincomputing.com
- Ralf Koch
- Richard Ems
- rise
- semat