Mailinglist Archive: opensuse (2912 mails)
| < Previous | Next > |
SOLVED - Re: [SLE] PAM - passwords with numbers and upper case letters
- From: oxielc@xxxxxxxx
- Date: Tue, 1 Feb 2005 11:02:31 -0400
- Message-id: <200502011102.32159.oxielc@xxxxxxxx>
Hello Gurus:
Thanks to Philippe Vogel, pointing me about some tips with cracklib.
For anyone interested tt's working now this way:
I needed to restrict the length of passwords to 8 chars min, 32 chars max
Combination of letters (upcase,lowercase) and numbers and/or others
Not to reuse the last 12 passwords
/etc/security/pam_pwcheck.conf :
password: minlen=8 cracklib nullok md5 remember=12
/etc/default/passwd:
CRYPT=md5
CRYPT_FILES=md5
BLOWFISH_CRYPT_FILES=10
CRYPT_YP=des
/etc/pam.d/passwd
#%PAM-1.0
auth required pam_unix2.so nullok
account required pam_unix2.so
password required pam_passwdqc.so retry=3 ask_oldauthtok
min=disabled,disabled,disabled,8,8 random=32 max=32
password required pam_pwcheck.so use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so
If there's a better way, please let me know
Greetings
Oxiel
>
> I need to make that my users put at least 1 number and 1 upper case letter
> in their 8 characters long passwords's.
>
> I've read all the docs, readmes and mans, and searched google for examples,
> follow them, it should be working already but not clue why not.
>
> My files are:
>
> /etc/security/pam_pwcheck.conf :
> password: minlen=8 cracklib nullok blowfish debug remember=12
>
> /etc/security/pam_unix2.conf :
> auth:
> account:
> password:
> session: none
>
> /etc/default/passwd:
> CRYPT=blowfish
> CRYPT_FILES=blowfish
> BLOWFISH_CRYPT_FILES=10
> CRYPT_YP=des
>
> /etc/pam.d/passwd :
> #%PAM-1.0
> auth required pam_unix2.so nullok
> account required pam_unix2.so
> password required pam_cracklib.so retry=3 debug ucredit=-1 dcredit=-1
> ocredit=0 lcredit=0 minlen=8
> password required pam_pwcheck.so use_authtok
> password required pam_unix2.so use_first_pass use_authtok
> session required pam_unix2.so
>
> Best Regards
>
> Oxiel
Thanks to Philippe Vogel, pointing me about some tips with cracklib.
For anyone interested tt's working now this way:
I needed to restrict the length of passwords to 8 chars min, 32 chars max
Combination of letters (upcase,lowercase) and numbers and/or others
Not to reuse the last 12 passwords
/etc/security/pam_pwcheck.conf :
password: minlen=8 cracklib nullok md5 remember=12
/etc/default/passwd:
CRYPT=md5
CRYPT_FILES=md5
BLOWFISH_CRYPT_FILES=10
CRYPT_YP=des
/etc/pam.d/passwd
#%PAM-1.0
auth required pam_unix2.so nullok
account required pam_unix2.so
password required pam_passwdqc.so retry=3 ask_oldauthtok
min=disabled,disabled,disabled,8,8 random=32 max=32
password required pam_pwcheck.so use_authtok
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so
If there's a better way, please let me know
Greetings
Oxiel
>
> I need to make that my users put at least 1 number and 1 upper case letter
> in their 8 characters long passwords's.
>
> I've read all the docs, readmes and mans, and searched google for examples,
> follow them, it should be working already but not clue why not.
>
> My files are:
>
> /etc/security/pam_pwcheck.conf :
> password: minlen=8 cracklib nullok blowfish debug remember=12
>
> /etc/security/pam_unix2.conf :
> auth:
> account:
> password:
> session: none
>
> /etc/default/passwd:
> CRYPT=blowfish
> CRYPT_FILES=blowfish
> BLOWFISH_CRYPT_FILES=10
> CRYPT_YP=des
>
> /etc/pam.d/passwd :
> #%PAM-1.0
> auth required pam_unix2.so nullok
> account required pam_unix2.so
> password required pam_cracklib.so retry=3 debug ucredit=-1 dcredit=-1
> ocredit=0 lcredit=0 minlen=8
> password required pam_pwcheck.so use_authtok
> password required pam_unix2.so use_first_pass use_authtok
> session required pam_unix2.so
>
> Best Regards
>
> Oxiel
| < Previous | Next > |