I set some restrictions in /etc/pam.d/system-auth, but they don't seem to be affecting anything.
/etc/pam.d/passwd:
Code:
password required pam_cracklib.so retry=3 minlen=8
password required pam_unix.so md5 shadow use_authtok
/etc/pam.d/system-auth:
Code:
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so try_first_pass retry=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 minlen=8
password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow remember=5
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
So even if I give a password that's less than 8 chars (which minlen=8 should prevent), it still takes it. The other uppercase/lowercase/digit/special character rules don't seem to do anything either.
Console:
Code:
admin1@box1$ passwd
Changing password for admin1
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: password updated successfully
/var/log/secure doesn't seem to show much except for "password changed for user":
Code:
Apr 21 22:10:49 passwd[1134]: pam_unix(passwd:chauthtok): username [admin1] obtained
Apr 21 22:10:59 passwd[1134]: pam_unix(passwd:chauthtok): username [admin1] obtained
Apr 21 22:10:59 passwd[1134]: pam_unix(passwd:chauthtok): password changed for admin1
Any ideas?