LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 08-09-2004, 01:31 AM   #1
timbo_oz
LQ Newbie
 
Registered: Aug 2004
Location: Brisbane
Distribution: Redhat ES 2.1
Posts: 2

Rep: Reputation: 0
can I turn off PAM, or at least significantly reduce the security


Hi All,

I've been pulling my hair out over PAM for a few days now.

We are moving our application from SCO Unix to Redhat Linux ES 2.1. Our clients' Linux servers sit in their little office, usually not connected to the internet and with around 2-10 users accessing the server. Most of our clients prefer not to have a password at the Linux level and use our Application security which allows much more application control.

However, some of our clients like to have passwords at the Linux level but we have been getting heaps of calls from our annoyed users because they can't have their simple passwords anymore. PAM's default security is actually quite strict (min 8 characters, no dictionary words etc). Much too strict for the likes of our users who like things (including security) simple.

That's my problem. Now my question is, how can I:
A) configure PAM to allow users to use their simple passwords again? or
B) de-activate/de-install PAM to avoid this intense password checking?

I've been playing with /etc/pam.d/login for quite a while but I cannot seem to reduce the default security. It seems quite easy to INCREASE PAM security but not decrease/de-activate it...

Any help appreciated!!

Thanks,
Tim.
 
Old 08-09-2004, 01:45 AM   #2
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Rep: Reputation: 30
This link may help.
http://www.puschitz.com/Security.shtml
 
Old 08-09-2004, 01:46 AM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
I've not actually ever played with this, but you might try modifying PASS_MIN_LEN in /etc/login.defs. And if those systems are even connected to the Internet briefly, having passwordless accounts is a bad idea.

[edit]

After reading the link posted by obie, looks like I'm wrong anyhow, so just ignore my blathering.

Last edited by btmiller; 08-09-2004 at 01:48 AM.
 
Old 08-09-2004, 07:31 PM   #4
timbo_oz
LQ Newbie
 
Registered: Aug 2004
Location: Brisbane
Distribution: Redhat ES 2.1
Posts: 2

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by Obie
This link may help.
http://www.puschitz.com/Security.shtml

Thanks for the link, but I don't think it will help me reduce the security. It does explain how to set up more security on Linux, but this doesn't help my cause.

I also installed the patch for cracklib onto my server, but it didn't help. The password checking is still as strict as before. I think this patch is to help you INCREASE the security not decrease it.

I'm floundering quite a bit with PAM and basically grabbing some examples from the web and modifying them slightly. Here's a few that I've tried so far. I don't fully understand them, but I know they don't work for me...

auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so retry=3 minlen=3
password required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
session required /lib/security/pam_limits.so

...minlen=3 seems to be ignored.

auth sufficient /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_unix.so
password sufficient /lib/security/pam_unix.so
session sufficient /lib/security/pam_unix.so

This uses the default pam_unix for password checking which is still too strict...

help...

btw, what if I just remove the PAM rpm? "rpm -e pam-0.72...."...but I don't want to lock myself out of the system for good ....

Tim.

Last edited by timbo_oz; 08-09-2004 at 07:36 PM.
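
A check an administrator could run over the stacks quoted in post #4, as an added example that is not part of the original thread: it parses pam.d lines and reports the options that weaken password handling. The function names are assumptions; the length limit of 6 inside cracklib, applied without reference to minlen, is taken from the pam_cracklib documentation.

```python
# Constructed sample: the first PAM stack quoted in post #4 of the thread.
SAMPLE = """\
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so retry=3 minlen=3
password required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
session required /lib/security/pam_limits.so
"""

CRACKLIB_FLOOR = 6  # limit inside cracklib itself (pam_cracklib man page)

def parse_stack(text):
    """Parse pam.d lines into dicts with type, control, module and opts."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if len(tokens) < 3:
            continue
        mtype, rest = tokens[0].lstrip("-"), tokens[1:]
        if rest[0].startswith("["):                # [success=1 default=ignore]
            end = next((i for i, t in enumerate(rest) if t.endswith("]")), len(rest) - 1)
            control, rest = " ".join(rest[:end + 1]), rest[end + 1:]
        else:
            control, rest = rest[0], rest[1:]
        if not rest:
            continue
        opts = dict((o.split("=", 1) + [""])[:2] for o in rest[1:])
        rules.append({"type": mtype, "control": control,
                      "module": rest[0].rsplit("/", 1)[-1], "opts": opts})
    return rules

def audit(rules):
    """Return findings for settings that weaken password handling."""
    findings = []
    for r in rules:
        if "nullok" in r["opts"] and r["type"] in ("auth", "password"):
            findings.append(f"{r['type']}/{r['module']}: nullok accepts empty passwords")
        minlen = r["opts"].get("minlen", "")
        if r["module"] == "pam_cracklib.so" and minlen.isdigit():
            if int(minlen) < CRACKLIB_FLOOR:
                findings.append(f"pam_cracklib minlen={minlen}: cracklib's own length "
                                f"limit of {CRACKLIB_FLOOR} still applies")
    pw = [r for r in rules if r["type"] == "password"]
    if pw and not any(r["module"] == "pam_cracklib.so" for r in pw):
        findings.append("password stack has no pam_cracklib quality check")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_stack(SAMPLE))))
```
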
 
Old 08-10-2004, 02:09 PM   #5
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Devuan Beowulf
Posts: 514
Blog Entries: 1

Rep: Reputation: 37
Is there really a problem assigning easy passwords?

Every time I've ever assigned one it complains, but it allows it nevertheless.

Is it possible you could assign each user a permanent password that's easy to remember? Tell them that it's for their security as well as the company's. Maybe it's time they embraced the need for higher security; after all, we do live in a world of hackers and crackers.

If I was underhanded, I'd make a point about security. How I'd go about it, well, you can probably think of ways. If not, I'm sure some of the users here can help you with some good examples.
 
Old 09-27-2010, 06:18 AM   #6
hurryi
Member
 
Registered: Apr 2010
Distribution: RHEL
Posts: 77

Rep: Reputation: 8
Anyway, you could set whatever password you want as root, so maybe in your case, if security isn't so important, why bother with PAM?
Just change their password as the root user, and of course password aging should not be activated.
 
Old 09-27-2010, 07:15 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
hurryi, please don't resurrect dead threads. Check the dates before you post. Closed.
 
  

