Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm trying to secure my system and enforce every password user, even root, to begin with letter, I mean, the first character of the password must be letter (upper or lower case, it does not matter), do you know how can I configure it? is it possible?
I'm trying to secure my system and enforce every password user, even root, to begin with letter, I mean, the first character of the password must be letter (upper or lower case, it does not matter), do you know how can I configure it? is it possible?
If you know that there are only 26 * 2 possibilities for the first character of the password, that's theoretically a lot of possibilities to remove. It also makes it very likely that it's a dictionary word.
Attempts to impose password limits also greatly simplify dictionary attacks because there are now many thousands of words that you don't need to try because you know they're too short or too long.
why not use the length
min is 12 and max is 256 and use a phrase
-- not these!!!
" ToBoldlyGoWhereWhereNoOneHas"
" ToBeOrNotToBe"
" ItWas_a_DarkAndStormyNight"
long and hared to crack and EASY TO REMEMBER!!!!
!!! no Post-it-notes" stuck to the screen !!!!
When you push arbitrary things like this, they tend to be inconsistent with other systems which leads to your users getting password fatigue and in turn, turning to bad practices such as writing down passwords on paper. I'd say stick with the sensible defaults here and just force a longer password or phrase.
Quote:
Originally Posted by sundialsvcs
hddtmrotc is remembered by: "Hickory, Dickory, Dock. The mouse ran up the clock."
I think you have a little typo in there, or was switching u for an o intentional?
After configuring these settings, Still machine is not asking for complex password or minimum length.I had applied these configuration on RHEL 6.2x 64 bit. Please suggest
instead of hijacking a thread it might be better to start a new thread
also 6.2 is a bit OLD
the current minor release of the older 6 series is RHEL 6.8
you are 6 versions and about 4 years out of date
also this is redhat and you DO ??? have the required paid for support contract, right ?
your FIRST stop on the net SHOULD be the redhat site
login with the credentials that were set up with the REQUIRED license / support contract and do a search
-- you will need to be loged in to read most of the knowledge base results
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.