If I remove the pass_min_len its fine but even if I remove the lines for cracklib and it will still put it in /etc/security/pam_pwcheck.conf During our testing with Novell it was stated that /etc/security/pam_pwcheck.conf must be --snip-- /etc/security/pam_pwcheck.conf password: blowfish nullok --snip-- I just want to see if there is a better method to set the complex password settings like ocredit ucredit minlen retry difok and correctly set /etc/security/pam_pwcheck.conf using the templates without having to over write each of /etc/pam.d/passwd /etc/login.defs /etc/security/pam_pwcheck.conf Thanks -----Original Message----- From: Jiří Suchomel [mailto:jsuchome@suse.cz] Sent: Monday, June 16, 2008 8:42 AM To: opensuse-autoinstall@opensuse.org Cc: Justin Lim Subject: Re: [opensuse-autoinstall] complex password On čt 12. června 2008, Justin Lim wrote:
Hello,
I am trying to setup some complex password settings and is having some problems with both SLES9 and SLES10.
In my autoyast template I have the following <security> section <security>
ignore no 5 yes yes <encryption>blowfish</encryption>60 0 10 20 10 yes secure </security>This would generate /etc/security/pam_pwcheck.conf to be Password: minlen=20 cracklib blowfish nullok
And also in /etc/login.defs sets PASS_MAX_DAYS 60 PASS_MIN_DAYS 0 PASS_WARN_AGE 10
However when setting up complex passwords using the xlimits on /etc/pam.d/passwd ie more /etc/pam.d/passwd #%PAM-1.0 auth required pam_unix2.so nullok account required pam_unix2.so password required pam_pwcheck.so password required pam_cracklib.so use_first_pass use_authtok no_obscure_checks retry=3 minlen=11 difok=-1 dcredit=-1 ucredit=- 1 password required pam_pwcheck.so use_authtok remember=12 password required pam_unix2.so nullok use_first_pass use_authtok session required pam_unix2.so
having the /etc/security/pam_pwcheck.conf as above will break it. So /etc/security/pam_pwcheck.conf would have to be changed to the following Password: blowfish nullok
I'm not sure if I understand: do you really only need to have final /etc/security/pam_pwcheck.conf as written just above? So why do you want to set minlen and cracklib to yes in security section? Jiri -- Jiri Suchomel SUSE LINUX, s.r.o. e-mail: jsuchome@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Praha 9, Czech Republic http://www.suse.cz -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org