LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Disable complext passwords (http://www.linuxquestions.org/questions/linux-security-4/disable-complext-passwords-653316/)

hunger 07-03-2008 06:26 AM

Disable complext passwords
 
hi,

We are migrating a *NIX app to Linux RHEL5 and need to maintain the same password policy, which allow dictionary words!

How do I disable dictionary checking on the RH box?

I've tried editing /etc/pam.d/passwd to the following:
#%PAM-1.0
auth include system-auth
account include system-auth
password required /lib/security/pam_unix.so md5 shadow nullok

But I still keep getting the following error when trying to change a user password (works find from root!):

it is based on a dictionary word

I'm completely stumped & frustrated!!!

Please help?

Thanks

H.

w3bd3vil 07-03-2008 06:44 AM

Quote:

it is based on a dictionary word
is just a warning. It does actually change the password.
Just type in the password two times and it will accept it.

Anyhow, it is always advisable to keep your passwords complex. It might make you frustrated but its for the best.

OlRoy 07-03-2008 08:00 AM

If you aren't able to use complex passwords, I hope you at least have a clipping level set, as well as log and monitor its account lockouts.

hunger 07-03-2008 09:10 AM

>>>W3bD3v1 : is just a warning. It does actually change the password.
Just type in the password two times and it will accept it.


I've tried it three times & eventually fails with the following

Retype new UNIX password:
it is based on a dictionary word
passwd: Authentication token manipulation error

and doesn't change the p/w...

Is there something else I need to change?

thanks again,

H.

tredegar 07-03-2008 04:12 PM

"Your password isn't complicated enough" annoys me big time.
My solution:
Become root
Code:

passwd username
Assign a new password.
It works (for me) ;)

w3bd3vil 07-04-2008 12:54 AM

ahh, I thought he was doing it with root privileges.

hunger 07-18-2008 06:01 AM

Fixed!
 
It's a bug in rhel5 which doesn't allow you to disable the dictionary checking, - should be fixed in 5.3

To get around the problem simply clear out the dictionary...

# echo word | packer /usr/share/cracklib/pw_dict

You should be able to use any dictionary word!!! (except "word")

Worked for me! - Thanks to RH support for this one!


All times are GMT -5. The time now is 09:20 PM.