-   Linux - Security (
-   -   pam_cracklib and pam_unix (

rosect 11-07-2011 06:20 PM

pam_cracklib and pam_unix
On my Fedora14, I need pam_unix to keep password history. However, it seems that pam_cracklib must be included in the /etc/pam.d/system-auth as well. If I comment out pam_cracklib, I can not change password at all. I do not want pam_cracklib because I have my own rules to validate a new password. So, I added these options to pam_cracklib:
password requisite difok=0 difignore=0 lcredit=0 ucredit=0 dcredit=0 ocredit=0 minlen=4

When I try (as an experiment) to use new password "abcd12", system still says "BAD PASSWORD: it is too simplistic/systematic".

Is there a way to "disable" pam_cracklib's validating a password or to configure not to use pam_cracklib with pam_unix?

rosect 11-07-2011 08:14 PM

Solution is to remove "use_authtok" from pam_unix.

All times are GMT -5. The time now is 02:13 PM.