LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-03-2010, 03:45 AM   #1
quanba
Member
 
Registered: Jul 2009
Posts: 41

Rep: Reputation: 15
RHEL5_PAM: cracklib.so module does not accept minlen option


Hi there,

When I was trying to configure PAM on a RHEL5 system, I put the following configure in /etc/pam.d/system-auth:

password requisite pam_cracklib.so minlen=15 try_first_pass retry=3 dcredit=-3

The option dcredit take effect, as a normal account I cannot enter a password that has less than 3 digits, but minlen=15 does not. I can still enter a password with the length about 12 characters.

Please give me some advices,

Thanks in advance
 
Old 03-03-2010, 08:22 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,356

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
Quote:
Length and Strength

While the "minlen" parameter controls the minimum password length, things are not as simple as they might appear. This is because pam_cracklib combines the notion of password length with password "strength" (the use of mixed-case and non-letter characters).


"minlen" is actually the minimum required length for a password consisting of all lower-case letters. But users get "length credits" for using upper- and lower-case letters, numbers, and non-alphanumeric characters. The default is normally that you can only get a maximum of "1 credit" for each type of character. So if the administrator sets "minlen=12", a user could still have an 8 character password if they used all four types of characters. Actually, since using a lower-case letter gets you a credit, the real minimum length for an all lower-case password is minlen-1.
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

A good article; I recommend reading it all.
 
Old 11-14-2010, 10:31 PM   #3
quanba
Member
 
Registered: Jul 2009
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by chrism01 View Post
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

A good article; I recommend reading it all.
Thanks Chrism01, It's a really good article
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I disable cracklib and use null passwords? openSauce Linux - Security 4 01-29-2011 03:17 PM
Cannot turn off "Accept mail for users' real names" option in sendmail louisedp Linux - Newbie 0 11-03-2009 07:08 AM
Authentication failure after change to cracklib Johnomal Linux - Newbie 6 09-07-2009 12:11 AM
How to use getopts to accept multiple parameters for a single option ? bittus Linux - Newbie 1 09-04-2009 01:38 AM
cant install cracklib on suse MagusYilie Linux - Software 0 05-06-2006 11:10 PM


All times are GMT -5. The time now is 04:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration