Hi All...

I am having a issue when it comes to password security in RH 3 ent. I am trying to relax or make the ability to have people create simple passwords w/o having to use complex char and numbers.

I looked in the forums and they don't touch this type of issue or I have not found the post yet.


Any help would be appreciated.... !!!


Thanks,

Thats a real bad idea...... Relaxing passwd security may make life easier for your users..... but it also makes getting into your machine easier....

I would suggest that u explain the situation to your users. I am sure that they will understand..

Cheers

Subhasis

Have a look in
/etc/pam.d/system-auth

Look for a line that says something about cracklib

Comment that out, and then see if passwd will allow you to set simple passwords.

I do however agree with Subhasis about this being a bad idea - if you relax passwords too much, you will end up getting cracked by brute force tools like the SSH scanners we are currently seeing all over the place.

Of course, the flip side is that if you enforce complex passwords, you have the risk of users writing them on post it notes.

One thing I find as good advice to users is to choose a phrase and use the first letter of each word in their password. Make one of the letters uppercase, and replace one letter with a digit. This seems to work well for most of my users.

As an example, a password derived from
I have real trouble remembering good passwords
would become
1Hrtrgp

Thanks all for the input... Yeah there is a security issue but we have a company program that utilizes the password script in linux and it can't deal with complex passwords.

The crack worked for "/etc/pam.d/system-auth" ...

Thanks Again...