On čt 12. června 2008, Justin Lim wrote:
Hello,
I am trying to setup some complex password settings and is having some problems with both SLES9 and SLES10.
In my autoyast template I have the following <security> section <security>
ignore no 5 yes yes <encryption>blowfish</encryption>60 0 10 20 10 yes secure </security>This would generate /etc/security/pam_pwcheck.conf to be Password: minlen=20 cracklib blowfish nullok
And also in /etc/login.defs sets PASS_MAX_DAYS 60 PASS_MIN_DAYS 0 PASS_WARN_AGE 10
However when setting up complex passwords using the xlimits on /etc/pam.d/passwd ie more /etc/pam.d/passwd #%PAM-1.0 auth required pam_unix2.so nullok account required pam_unix2.so password required pam_pwcheck.so password required pam_cracklib.so use_first_pass use_authtok no_obscure_checks retry=3 minlen=11 difok=-1 dcredit=-1 ucredit=- 1 password required pam_pwcheck.so use_authtok remember=12 password required pam_unix2.so nullok use_first_pass use_authtok session required pam_unix2.so
having the /etc/security/pam_pwcheck.conf as above will break it. So /etc/security/pam_pwcheck.conf would have to be changed to the following Password: blowfish nullok
I'm not sure if I understand: do you really only need to have final /etc/security/pam_pwcheck.conf as written just above? So why do you want to set minlen and cracklib to yes in security section? Jiri -- Jiri Suchomel SUSE LINUX, s.r.o. e-mail: jsuchome@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Praha 9, Czech Republic http://www.suse.cz