Old 03-16-2007, 11:22 AM   #1
Kyle Harris
pam_cracklib password history not working


I have been attempting to enable pam_cracklib to check a password in a password history file with no luck. No matter what I seem to try, nothing is ever added to the opasswd file. I have tried this on several stations with no luck so I must be missing something. I have been following the documentation as best I can, and according to other sites, this should be working. I'm beginning to think this might have something to do with the distro I'm running, but not sure.

The problem is I can't seem to get it to work. So, I loaded up a test machine from scratch using RHEL 4.4 with all updates as of 3-14-07. I then did the following:

1.) touch /etc/security/opasswd {creates the necessary old password file}
2.) chown root:root /etc/security/opasswd
3.) chmod 600 /etc/security/opasswd
Note I have opened the permissions up on this file for testing with no more luck.
4.) I modified the system-auth file which I'm pretty sure is the file this flavor of Linux uses with the following line:

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12


Here is the entire file. The only thing changed from the default file is the line above. I simply added remember=12 to it.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

If I change the line above from sufficient to requered as in the example on the site referenced above such as follows:
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12

I then get the error:
passwd: Authentication token manipulation error
{This tells me I must be editing the correct file}

What do I need to do to create the password history file using pam_cracklib?
 
Old 03-16-2007, 11:40 AM   #2
Kyle Harris
More Information

The site I referenced above was http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

I couldn't include the URL in my original post as it was my first post on this forum. Also, I had a typo in the original post.

"If I change the line above from sufficient to requered . . ." should have been required, spelled correctly.
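
Added example, not part of the thread: a small Python check for the setup described in post #1. It parses the password stack of a system-auth file, reports which module carries remember= and under which control flag, and compares the history file's owner and mode with steps 2 and 3. The sample text is constructed from the file quoted in the post; the function names and the handling of simple control keywords only (no bracketed [value=action] controls) are assumptions of this example.

```python
import os
import stat

# Constructed sample: the password stack from the system-auth file quoted in post #1.
SAMPLE = """\
#%PAM-1.0
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12
password required /lib/security/$ISA/pam_deny.so
"""

def password_stack(text):
    """Return (control, module, options) for each 'password' line.
    Assumes simple control keywords, not bracketed [value=action] controls."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "password":
            continue
        opts = {}
        for tok in fields[3:]:
            key, sep, val = tok.partition("=")
            opts[key] = val if sep else True
        stack.append((fields[1], os.path.basename(fields[2]), opts))
    return stack

def history_report(text, opasswd="/etc/security/opasswd"):
    """Report where remember= is set and the state of the history file."""
    report = {"remember": None, "module": None, "control": None,
              "file": "missing", "entries": 0}
    for control, module, opts in password_stack(text):
        if "remember" in opts:
            report.update(remember=int(opts["remember"]), module=module, control=control)
    try:
        st = os.stat(opasswd)
        mode = stat.S_IMODE(st.st_mode)
        # "ok" means root-owned and mode 600, as set in steps 2 and 3 of the post.
        ok = st.st_uid == 0 and mode == 0o600
        report["file"] = "ok" if ok else "uid=%d mode=%o" % (st.st_uid, mode)
        with open(opasswd) as fh:  # count non-empty lines in the history file
            report["entries"] = sum(1 for line in fh if line.strip())
    except OSError:
        pass  # missing or unreadable: keep the defaults
    return report

if __name__ == "__main__":
    print(history_report(SAMPLE))
```

On a live system, pass the contents of /etc/pam.d/system-auth as the text argument and run it as root so the history file can be read.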
 
  

