From what I gather, I need to enable md5 for some or all of those. Which ones? And do I just add the string md5 after the rest of the `module-arguments'? All of them? Do I only need to add md5 to
Greetings, I think I'm too stupid to figure this out, but I've never *had* to figure this out before. :-) I'm trying to up the password length greater than 8. I checked the archives, which lead me to /etc/login.defs concerning PASS_MAX_LEN: # Ignored if the "md5" option is given to the pam_pwcheck module. No idea what that is. So then the archives led me to the configuration files in /etc/pam.d and then found the documentation in /usr/share/doc/packages/pam/modules. So.. % egrep pam_pwcheck /etc/pam.d/* chfn:password required /lib/security/pam_pwcheck.so nullok chsh:password required /lib/security/pam_pwcheck.so nullok login:password required /lib/security/pam_pwcheck.so nullok use_cracklib other:password required /lib/security/pam_pwcheck.so use_cracklib passwd:password required /lib/security/pam_pwcheck.so nullok use_cracklib sshd:password required pam_pwcheck.so sshd.rpmsave:password required /lib/security/pam_pwcheck.so use_cracklib the pam_pwcheck module, or the others in each configuration file also? The docs mention `bigcrypt'. Should I still use md5? % man -k bigcrypt bigcrypt: nothing appropriate. I already have two or three users on the system other than root, so when this is set up correctly, should I just get the users to run passwd again to reset the longer-than-8-passwords? Sorry if I sound silly, but I'm seriously confused. I can't believe this isn't enabled by default. :-\ Thanks, -- -Brian Clark | PGP is spoken here: 0xE4D0C7C8 Please, DO NOT carbon copy me on list replies.