Setting password security policy

etcetera · 10-18-2012, 09:50 AM

I need the following password security policy, which files do I modify other than /etc/pam.d/system-auth
Or is there a quick command to do all this? Needs to apply to all accounts on the system.

Administrator passwords must be at 8 chars.
And must include at least 1 upper case, 1 lower case, 1 number and 1 special character.

· Difference: must change at least 2 characters.

· Password Age of not greater than 180 days
.
· Password Age of not less than 24 hours.

· Passwords must not be reused for 10 generations.

unSpawn · 10-18-2012, 11:29 AM

Quote:

Originally Posted by etcetera

which files do I modify other than /etc/pam.d/system-auth

/etc/security/opasswd if you don't have it and aging parms are taken from /etc/login.defs.

Quote:

Originally Posted by etcetera

Needs to apply to all accounts on the system.

Note you can chage accounts pro-actively but password strength policy changes are only enforced on next password change.

etcetera · 10-18-2012, 11:37 AM

I have the file /etc/security/opasswd but it's zero in size.

unSpawn · 10-18-2012, 01:26 PM

Like I said password strength policy changes are only enforced on next password change. So if it's empty it hasn't been used yet.

etcetera · 10-18-2012, 03:29 PM

what about /etc/login.defs