LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
LinkBack Search this Thread
Old 11-06-2012, 10:05 AM   #1
Westmoreland
LQ Newbie
 
Registered: Oct 2012
Location: Groves, Texas
Distribution: RHEL
Posts: 6

Rep: Reputation: Disabled
Configuring password complexity using pam_passwdqc.so


I'm trying to configure the pam_passwdqc.so module in /etc/pam.d/system-auth. I've added the pam_passwdqc.so line in the config file and commented out the line for pam_cracklib.so as shown below:

password required pam_passwdqc.so min=disable,disable,disable,8,7 passphrase=0 random=0 similar=permit
#password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so

But now when I attempt to change a user password I get the following:

[test3@api01r5v ~]$ passwd
Changing password for user test3.
System configuration error. Please contact your administrator.
Changing password for test3
(current) UNIX password:
passwd: Critical error - immediate abort

I'm sure I'm probably missing a simple step but I just can see it. Any suggestion would be greatly appreciated.
 
Old 11-07-2012, 03:55 AM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,090

Rep: Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995
Try the logfiles for more detail eg /var/log/messages, /var/log/secure
 
Old 11-07-2012, 09:13 AM   #3
Westmoreland
LQ Newbie
 
Registered: Oct 2012
Location: Groves, Texas
Distribution: RHEL
Posts: 6

Original Poster
Rep: Reputation: Disabled
I'm working with a user account called "test3" on this system. I open 2 ssh sessions to the server named "api01r5v" and run tail -f /var/log/secure in one session while logging in as test3 in the second session and then try to change the password. I did the same thing with /var/log/messages. Nothing is logged to either file. So ran "grep -r test3 /var/log" to do a recursive search for the user account. I find the following in /var/log/audit/audit.log:

Code:
type=USER_CHAUTHTOK msg=audit(1352299927.019:4811): user pid=4001 uid=512 auid=512 subj=user_u:system_r:unconfined_t:s0 msg='PAM: chauthtok acct="test3" : exe="/usr/bin/passwd" (hostname=?, addr=?, terminal=pts/2 res=failed)'
Looks like chauthtok is failing, but I don't know why.
 
Old 11-08-2012, 02:13 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,090

Rep: Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995
Well, that's the SELinux log, so I'd check the SELinux attributes for the new pam module http://wiki.centos.org/HowTos/SELinux and anything else closely involved eg the /etc/pam.d/system-auth file.
 
Old 11-08-2012, 01:01 PM   #5
Westmoreland
LQ Newbie
 
Registered: Oct 2012
Location: Groves, Texas
Distribution: RHEL
Posts: 6

Original Poster
Rep: Reputation: Disabled
No, SELinux is set to permissive. But I found my issue, it was something much simpler.

in my min= options is used "disable" when I should have used "disabled" (note the "d" at the end). Changing that fixed my problem. Thanks all who took a look.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Password History using pam_passwdqc.so and pam_unix.so Viswes_B Linux - Newbie 5 04-19-2011 07:39 AM
[SOLVED] Password History In Ubuntu (pam_passwdqc.so) ajayan Linux - Newbie 3 02-23-2011 10:32 PM
bash script to test string complexity (like password complexity) robertjinx Linux - Server 2 05-12-2010 02:58 PM
password complexity with pam_passwdqc.so VMSlives Linux - Security 4 03-30-2009 03:19 PM
password complexity moinpasha Programming 1 09-12-2006 05:24 AM


All times are GMT -5. The time now is 03:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration