LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-06-2008, 09:27 AM   #1
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Rep: Reputation: 15
Unhappy Password Minimum Requirements RHEL 4 WS 64Bit


I have modified/etc/login.defs file; PASS_MIN_LEN 8

I have modified /etc.pam.d/system-auth file;
password requisite /lib/security/$ISA/pam-cracklib.so retry=3 minlen=11 1credit=1 ucredit=1 dcredit=1 ocredit=0

Neither modification changes password settings. I still have a default minimum of 6 characters. In the system-auth file it states #User Changes will be destroyed the next time authconfig is run.

Do I need to provoke a program to allow my changes to work. I have rebooted and nothing works. Am I not in the correct files? I have verified that the pam-cracklib.so file is truly located where it is directed to look.

Any help, please.
 
Old 05-07-2008, 09:00 PM   #2
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
The login.defs file is deprecated, so the correct place to make your changes is /etc/pam.d/system-auth. Can you post your entire file for us please?

Last edited by blacky_5251; 05-07-2008 at 09:02 PM.
 
Old 05-08-2008, 05:49 AM   #3
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Unhappy Response to blacky_5251

My Linux Operating System has been corrupted (I think it was a password hash I placed in the /boot/grub/grub.conf file that destroyed by OS). Once I rebuild the system today from scratch I will post my system-auth file and allow the forum to review it for accuracy. Sorry about the delay but I will post it as soon as I can rebuild the system.

Thanks
John
 
Old 05-08-2008, 06:00 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Can't you boot a Live CD to verify and repair things? There's actually very few situations where you would want to reinstall your OS, and by the sound of it, this sure does not quality as one.
 
Old 05-09-2008, 06:23 AM   #5
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Lightbulb Boot from CD instead of complete re-install

Tonight or Sat I will be at work trying to using a KNOPPIX CD 5.1.1. Hopefully this will get to me to hard drive so I can return the config files back to their default.

Do you know if Red Hat Enterprise Linux 4 64 bit Workstation used encryption by default therefore it may not let me change the files with a boot CD?
 
Old 05-09-2008, 07:50 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
No encryption is used by default.
 
Old 05-10-2008, 08:25 AM   #7
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Smile No Encryption by Default

unSpawn,

Thanks for the info. I will keep everyone posted.
John
 
Old 05-12-2008, 09:21 AM   #8
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Unhappy unSpawn ; Knoppix CD worked

Using Knoppix 5.1.1 CD I was able to replace two config files (refering to my grub) to defualt and now I can access the linux system, whew!

My earlier problem with passowrd requirement (8 characters - 1 Upper, 1 Lower, 1 Digit and 1 Other) seems to be working for users who want to change their password but when my sys admin, performs a sudo while logged in with this personal (john.frank) and performs the "passwd jane.doe" the sys admin is not forced to use the password minimum requirement; identfied below in the system-auth file. Is this because as sudo, administrators bypass the password requirements found in the system-auth file? Below is my sudoers file and system-auth file.

system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=1 minlen=12
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so


session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
________________________________________________________________________
sudoers file:
________________________________________________________________________
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification
Host_Alias SERVERS = master, mail, www, ns


# User alias specification
User_Alias FULLTIMERS = sue.elliot, rob.sanchez
User_Alias ADMINISTRATORS = john.frank
# Cmnd alias specification

# Defaults specification
Defaults syslog=auth
Defaults:FULLTIMERS !lecture
Defaults:ADMINISTRATORS !lecture
Defaults:sue.elliot !authenticate
Defaults:rob.sanchez !authenticate
Defaults:john.frank !authenticate


# User privilege specification
root ALL=(ALL) ALL
FULLTIMERS ALL = NOPASSWD: ALL
ADMINISTRATORS ALL = NOPASSWD:/usr/bin/,/usr/sbin/



# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
 
Old 05-12-2008, 05:55 PM   #9
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
That is my understanding. The root or super-user can set any passwords he likes, and get away with it. Regular users must adhere to the PAM cracklib restrictions.
 
Old 05-13-2008, 08:54 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Good to see it worked out OK.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Minimum System Requirements for RHEL AS 3 irving_wp Linux - General 2 03-04-2006 09:42 AM
Minimum PC requirements riverman Linux - Newbie 4 04-23-2005 05:41 PM
minimum hardware requirements for RHEL 4. (newbie). carverj Linux - Enterprise 5 04-08-2005 12:21 AM
Minimum requirements?? tacoduck Debian 2 06-06-2004 08:24 PM
Most Minimum Requirements gearoid Linux - Hardware 1 11-18-2003 12:04 PM


All times are GMT -5. The time now is 12:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration