Mailinglist Archive: opensuse-autoinstall (29 mails)
| < Previous | Next > |
[opensuse-autoinstall] complex password
- From: "Justin Lim" <jlim@xxxxxxxxxxx>
- Date: Thu, 12 Jun 2008 10:52:47 -0500
- Message-id: <005201c8cca4$5c8fa600$15aef200$@com>
Hello,
I am trying to setup some complex password settings and is having some
problems with both SLES9 and SLES10.
In my autoyast template I have the following <security> section
<security>
<console_shutdown>ignore</console_shutdown>
<cwd_in_root_path>no</cwd_in_root_path>
<fail_delay>5</fail_delay>
<faillog_enab>yes</faillog_enab>
<lastlog_enab>yes</lastlog_enab>
<encryption>blowfish</encryption>
<pass_max_days>60</pass_max_days>
<pass_min_days>0</pass_min_days>
<pass_warn_age>10</pass_warn_age>
<pass_max_len>20</pass_max_len>
<pass_min_len>10</pass_min_len>
<passwd_use_cracklib>yes</passwd_use_cracklib>
<permission_security>secure</permission_security>
</security>
This would generate /etc/security/pam_pwcheck.conf to be
Password: minlen=20 cracklib blowfish nullok
And also in /etc/login.defs sets
PASS_MAX_DAYS 60
PASS_MIN_DAYS 0
PASS_WARN_AGE 10
However when setting up complex passwords using the xlimits on
/etc/pam.d/passwd ie
more /etc/pam.d/passwd
#%PAM-1.0
auth required pam_unix2.so nullok
account required pam_unix2.so
password required pam_pwcheck.so
password required pam_cracklib.so use_first_pass use_authtok
no_obscure_checks retry=3 minlen=11 difok=-1 dcredit=-1 ucredit=-
1
password required pam_pwcheck.so use_authtok remember=12
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_unix2.so
having the /etc/security/pam_pwcheck.conf as above will break it. So
/etc/security/pam_pwcheck.conf would have to be changed to the following
Password: blowfish nullok
So when I got in touch with novell support they asked me to use <file> to
overwrite the /etc/security/pam_pwcheck.conf and /etc/pam/passwd and also
/etc/login.defs but is there any other solutions than to just over write the
files ?
Thanks
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-autoinstall+help@xxxxxxxxxxxx
I am trying to setup some complex password settings and is having some
problems with both SLES9 and SLES10.
In my autoyast template I have the following <security> section
<security>
<console_shutdown>ignore</console_shutdown>
<cwd_in_root_path>no</cwd_in_root_path>
<fail_delay>5</fail_delay>
<faillog_enab>yes</faillog_enab>
<lastlog_enab>yes</lastlog_enab>
<encryption>blowfish</encryption>
<pass_max_days>60</pass_max_days>
<pass_min_days>0</pass_min_days>
<pass_warn_age>10</pass_warn_age>
<pass_max_len>20</pass_max_len>
<pass_min_len>10</pass_min_len>
<passwd_use_cracklib>yes</passwd_use_cracklib>
<permission_security>secure</permission_security>
</security>
This would generate /etc/security/pam_pwcheck.conf to be
Password: minlen=20 cracklib blowfish nullok
And also in /etc/login.defs sets
PASS_MAX_DAYS 60
PASS_MIN_DAYS 0
PASS_WARN_AGE 10
However when setting up complex passwords using the xlimits on
/etc/pam.d/passwd ie
more /etc/pam.d/passwd
#%PAM-1.0
auth required pam_unix2.so nullok
account required pam_unix2.so
password required pam_pwcheck.so
password required pam_cracklib.so use_first_pass use_authtok
no_obscure_checks retry=3 minlen=11 difok=-1 dcredit=-1 ucredit=-
1
password required pam_pwcheck.so use_authtok remember=12
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_unix2.so
having the /etc/security/pam_pwcheck.conf as above will break it. So
/etc/security/pam_pwcheck.conf would have to be changed to the following
Password: blowfish nullok
So when I got in touch with novell support they asked me to use <file> to
overwrite the /etc/security/pam_pwcheck.conf and /etc/pam/passwd and also
/etc/login.defs but is there any other solutions than to just over write the
files ?
Thanks
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-autoinstall+help@xxxxxxxxxxxx
| < Previous | Next > |