Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Want to require users to enter an 8 character password with 1 numeric and 1 special character, 90 day expiration, 120 day inactivity, 3 try lockout.
Have looked at PAM in an attempt to setup some of the initial password requirements (8 char, 1 digit, 1 special) but can't seem to get any of it working. Tried making changes to /etc/pam.d/passwd and /etc/pam.d/system-auth using cracklib with the various credit parameters as specified in the PAM documentation but can't seem to get it to work.
Also can't seem to find thorough documentation on the xcredit parameters, or for system-auth.
what does PAM have to do with password security? , maybe you could write a script that people could use to make there passwords with, or modify the program that sets the passwords to check for you requirements
Trying to do the same think with RH Enterprise 3 and having about the same amount of success trying to configure the system-auth file. I too would love some help. While I don't mind working at the command line, I would have thought that RH might have made this a bit easier all things considered.
I think some of this is done through the shadow file. If you use X and go to System Settings=>Users and Groups=>select a user=>Password Info you will see some entrys for password aging. Changing this GUI modifies the /etc/shadow file. I would like to know if there is a command line utility to do this, or if it is considered good practice to modify /etc/shadow using vi or some other editor. But this only effects password aging and not password content.
To make modifications to the /etc/shadow file, you can use the usermod command.
Eventhough you are allowed to modify the shadow file manually, I encourage you to use the usermod command.
In order to implement all the above mentioned login rules for new users, you will need to modify the /etc/login.defs file.
Also, the /etc/skel/ directory contains default configuration files which will be copied to a new users HOME directory.
And if you want to add login scripts or other custom configuration settings which will be applied to all users at log-on, you can add them to the /etc/profile.local file.
This is supposed to require a password with at least 1 digit and 1 "other" character, with a minimum length of 8 characters - if I am reading the documentation correctly.
I think you are not reading documentation correctly. minlen is minimal numbe of credits. It is also not sure what do you mean by "not working".. does system accepts passworsd that it should not? Or your aparently valid passowrd is rejected?
Necroposting, the practice of responding to a thread that died a long time ago, is in this case not that useful. As the OP left several years ago. Please choose where you post carefully. Thread closed.