LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Password Restrict.. Password History in RHEL 5.0 (https://www.linuxquestions.org/questions/linux-newbie-8/password-restrict-password-history-in-rhel-5-0-a-662377/)

your_shadow03 08-12-2008 11:46 PM
Password Restrict.. Password History in RHEL 5.0
 
I cant see any option setting up Password Restrict or Password History in /etc/login.defs in RHEL 5.0?

Anyone having any idea how to setup that?

Mr. C. 08-12-2008 11:49 PM
See http://www.kernel.org/pub/linux/libs..._cracklib.html

your_shadow03 08-13-2008 12:02 AM
Thanks for the quick reply.I checked with the same I guess I need those entries in my pam.conf:
Code:
passwd  password required      pam_cracklib.so retry=3
passwd  password required      pam_unix.so use_authtok
For password restrictional entry.

I dont see any option for password history and password complex ?

Mr. C. 08-13-2008 12:32 AM
It is noted as:
Quote:
Already used

Was the password used in the past? Previously used passwords are to be found in /etc/security/opasswd.
but see also: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

It works for users, not when root runs passwd user.

your_shadow03 08-13-2008 01:55 AM
You are Genious Personality I think.
You deserves to be "LINUX GURU".


Thanks the link you sent solves my all queries.

"SMALL NAME(Mr. C) BUT GREAT THOUGHTS"


Thanks

your_shadow03 08-14-2008 03:40 AM
Wait..
I need more help.I tried making these entries but when I am trying to change the user password as simpe dictionary word its taking without any restriction:

here are the files :

Code:
cat login

#%PAM-1.0

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so

auth      include      system-auth

account    required    pam_nologin.so

account    include      system-auth

password  include      system-auth

# pam_selinux.so close should be the first session rule

session    required    pam_selinux.so close

session    include      system-auth

session    required    pam_loginuid.so

session    optional    pam_console.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session    required    pam_selinux.so open

session    optional    pam_keyinit.so force revoke

 

[root@spitdbrep001 pam.d]# cat system-auth

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth        required      pam_env.so

auth        sufficient    pam_unix.so nullok try_first_pass

auth        requisite    pam_succeed_if.so uid >= 500 quiet

auth        required      pam_deny.so

 

account    required      pam_unix.so

account    sufficient    pam_succeed_if.so uid < 500 quiet

account    required      pam_permit.so

 

password    requisite    pam_cracklib.so  retry=3 minlen=8

password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authok

password    required      pam_deny.so

 

session    optional      pam_keyinit.so revoke

session    required      pam_limits.so

session    [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session    required      pam_unix.so

 

 

[root@spitdbrep001 pam.d]# cat passwd

#%PAM-1.0

auth      include      system-auth

account    include      system-auth

password  include      system-auth

 

password  required pam_cracklib.so minlen=8

lcredit=1 ucredit=1 dcredit=1 ocredit=1

password reqired pam_unix.so use_authok md5 remember=8

Mr. C. 08-14-2008 10:33 AM
Does the dictionary exist (by default in /var/cache/cracklib)?


All times are GMT -5. The time now is 03:38 PM.