Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
hi.these are the contents of my /etc/pam.d/system-auth config file:
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
i set the parameters minlen,dcredit,ucredit,lcredit,ocredit,difok to their values.
minlen is working fine.but when i created a new user and
set the password as 'aaaaaa',it is being accepted.it should not isn't it?bcoz the password:
* Must be at least 6 characters and utmost 12 characters
* Must contain at least one one lower case letter, one upper case letter, one digit and one special character
* Valid special characters are - @#$%^&+=
what do i do now???
password required /lib/security/$ISA/pam_cracklib.so retry=3 minlen=6 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 difok=-2
AFAIK the docs say nothing about using negative values, only integers.
when i created a new user and set the password as 'aaaaaa',it is being accepted.it should not isn't it?
Yes it should since you're root.
what do i do now?
This should work. Touch /etc/security/opasswd to enable remembering used passes. Now if there's a possibility for them to hand you an initial password you could set that, else set one yourself. Then expire the account, forcing them to set a new one on login. The cracklib settings should apply now.
I am not an expert on this but have you looked in the /etc/pam.d directory for a file called passwd? The file /etc/pam.d/passwd should have the following line to include the rules in /etc/pam.d/common-password
(or maybe in your case @include system-auth)
Got this from google: "Authconfig is a terminal mode program which can configure a workstation to use shadow passwords."
So I guess authconfig is only run when you install/upgrade the shadow suite.
My common-password file has only the 2 rules I told about in my previous post, while your system-auth file has other things in it as well.
Maybe you should create a new file in /etc/pam.d (say common-password) and include that file in /etc/pam.d/passwd or you can add the 2 rules directly in /etc/pam.d/passwd instead of using @include
Ah and your /etc/pam.d/passwd didn't say anything about being auto-generated? So it's probably your best option to use another config file or passwd directly and not system-auth.
still doesn't work sir.i've done exactly as u told me to.
after rebooting i create a new user as 'user1' and a new password which is 'xxxxxxx'and its getting accepted.it should not accept this password isn't it?i am even able to login with this new username and password.