Mailinglist Archive: opensuse-autoinstall (29 mails)

["Justin Lim" <jlim@xxxxxxxxxxx>]

If I remove the pass_min_len its fine but even if I remove the lines for 
cracklib and it will still put it in /etc/security/pam_pwcheck.conf

During our testing with Novell it was stated that 
/etc/security/pam_pwcheck.conf must be

--snip--
/etc/security/pam_pwcheck.conf
password:       blowfish nullok
--snip--


I just want to see if there is a better method to set the complex password 
settings like ocredit ucredit minlen retry difok and correctly set 
/etc/security/pam_pwcheck.conf using the templates without having to over write 
each of /etc/pam.d/passwd /etc/login.defs /etc/security/pam_pwcheck.conf

Thanks


-----Original Message-----
From: Jiří Suchomel [mailto:jsuchome@xxxxxxx] 
Sent: Monday, June 16, 2008 8:42 AM
To: opensuse-autoinstall@xxxxxxxxxxxx
Cc: Justin Lim
Subject: Re: [opensuse-autoinstall] complex password

On čt 12. června 2008, Justin Lim wrote:
> Hello,
>
> I am trying to setup some complex password settings and is having some
> problems with both SLES9 and SLES10.
>
> In my autoyast template I have the following <security> section
>     <security>
>         <console_shutdown>ignore</console_shutdown>
>         <cwd_in_root_path>no</cwd_in_root_path>
>         <fail_delay>5</fail_delay>
>         <faillog_enab>yes</faillog_enab>
>         <lastlog_enab>yes</lastlog_enab>
>         <encryption>blowfish</encryption>
>         <pass_max_days>60</pass_max_days>
>         <pass_min_days>0</pass_min_days>
>         <pass_warn_age>10</pass_warn_age>
>         <pass_max_len>20</pass_max_len>
>         <pass_min_len>10</pass_min_len>
>         <passwd_use_cracklib>yes</passwd_use_cracklib>
>         <permission_security>secure</permission_security>
>     </security>
>
> This would generate /etc/security/pam_pwcheck.conf to be
> Password:           minlen=20 cracklib blowfish nullok
>
> And also in /etc/login.defs sets
> PASS_MAX_DAYS   60
> PASS_MIN_DAYS   0
> PASS_WARN_AGE   10
>
> However when setting up complex passwords using the xlimits on
> /etc/pam.d/passwd ie
> more /etc/pam.d/passwd
> #%PAM-1.0
> auth required   pam_unix2.so    nullok
> account required        pam_unix2.so
> password required       pam_pwcheck.so
> password required       pam_cracklib.so use_first_pass use_authtok
> no_obscure_checks retry=3 minlen=11 difok=-1 dcredit=-1 ucredit=-
> 1
> password required       pam_pwcheck.so  use_authtok remember=12
> password required       pam_unix2.so    nullok use_first_pass  use_authtok
> session required        pam_unix2.so
>
> having the /etc/security/pam_pwcheck.conf as above will break it.  So
> /etc/security/pam_pwcheck.conf would have to be changed to the following
> Password:           blowfish nullok

I'm not sure if I understand: do you really only need to have 
final /etc/security/pam_pwcheck.conf as written just above? 

So why do you want to set minlen and cracklib to yes in security section?

Jiri

-- 
Jiri Suchomel

SUSE LINUX, s.r.o.                            e-mail: jsuchome@xxxxxxx
Lihovarská 1060/12                            tel: +420 284 028 960
190 00 Praha 9, Czech Republic                http://www.suse.cz


--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-autoinstall+help@xxxxxxxxxxxx