LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Cracklib defaults
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-09-2015, 04:02 PM   #1
adamp_oh
LQ Newbie
 
Registered: Feb 2015
Posts: 2

Rep: Reputation: Disabled
Cracklib defaults

Regarding the various parameters one can use to configure password parameters with cracklib, are there any "defaults".

If I were to use only "retry=3" would only enforce the 3 tries before I'm not allowed to attempt a password. If I do not specify a "remember=x" parameter, are no passwords remembered or are all passwords remembered?
 
Old 02-09-2015, 10:37 PM   #2
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
See this site.

Or read man page of pam_cracklib.
 
Old 02-10-2015, 07:04 AM   #3
adamp_oh
LQ Newbie
 
Registered: Feb 2015
Posts: 2

Original Poster
Rep: Reputation: Disabled
Insightful answer, thank you for the effort.
 
Old 02-16-2015, 08:38 PM   #4
mijohnst
Member
 
Registered: Nov 2003
Location: Huntsville, AL
Distribution: RHEL, Solaris, OSX, SuSE
Posts: 419

Rep: Reputation: 31
I'm just switching over from pam_passwdqc but this is what I've added to my systems. Hope it helps. I was was able to find a really good info at the redhat sit.

Code:
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent audit deny=3 even_deny_root unlock_time=3600 root_unlock_time=600
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
auth        sufficient    pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_faillock.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    required      pam_cracklib.so minlen=10 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=4
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_oddjob_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fun with PAM - how does cracklib really work? berndbausch Linux - Security 1 12-20-2013 01:39 PM
[SOLVED] pam cracklib.so watervaruna Linux - Security 2 10-14-2011 07:20 PM
How do I disable cracklib and use null passwords? openSauce Linux - Security 4 01-29-2011 03:17 PM
Authentication failure after change to cracklib Johnomal Linux - Newbie 6 09-07-2009 12:11 AM
cant install cracklib on suse MagusYilie Linux - Software 0 05-06-2006 11:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:04 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration