[SOLVED] Force password complexity

savona · 03-21-2011, 10:46 AM

I need to implement a technique to force password complexity in our organization. We use RHEL 4 and RHEL 5 boxes, all of which need to have a password complexity of 14 chars long, 1 upper and 1 lowercase, 1 digit, and 1 special character.

Is there a pam configuration file or something I can use to implement this? Any help would be appreciated, a quick google search turns up a lot of junk.

Thanks in advance.

szboardstretcher · 03-21-2011, 11:03 AM

Definitely.

Here is a great howto: http://www.cyberciti.biz/faq/rhel-fe...ality-control/

In short: Yes, you'll be using PAM and PAM modules to do this.

savona · 03-21-2011, 11:39 AM

Thanks, that is exactly what I was looking for an it seems to have worked perfectly.

One last question that you may or may not be able to help with.

Is there a way to change the error messages? They have to be in a module/file somewhere. for example, I would like to change "BAD PASSWORD: is too simple" to "Password MUST be 14 characters in length with at least one uppercase, one lowercase, one digit, and one special character".

Something that will be a lot of help so the users are calling me every time they get an error.

Thanks!

szboardstretcher · 03-21-2011, 11:54 AM

Well, with a combination of the commands "grep, strings, vi" im sure you could hunt down the offending message in /lib/security/pam* and hex edit the file to change the text.

Or, you could create a script called "passwd" that echos your message first, then runs the actual passwd program...

savona · 03-21-2011, 12:07 PM

Thanks!