Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-11-2007, 04:35 AM   #1
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252

Rep: Reputation: 39
How do I disable cracklib and use null passwords?


I would like the only user account on my desktop to have a null/empty password. How do I disable cracklib in the PAM configuration from saying this is not allowed? I can see how commenting out the cracklib line in /etc/pam.d/system-auth-ac could work, but that file is auto-generated by authconfig, and I don't want my changes to be lost when authconfig is run. It seems like authconfig should provide a way to do it, but none of its command-line or GUI options relate to cracklib. I tried setting USECRACKLIB=no in /etc/sysconfig/authconfig and running authconfig --updateall, but this simply reset the text file to USECRACKLIB=yes. How can I change this?

I'd also like to ask how much of a risk you think this is? I'm not worried about my flatmates/friends using my computer, in fact I'd rather they were able to do so without a password. But how easy would it be for someone to access my user account over the internet if I don't have a password?
Old 10-11-2007, 07:35 AM   #2
Registered: Feb 2007
Distribution: RHEL 4, SOLARIS 10
Posts: 91

Rep: Reputation: 15
If the machine is visible to the internet (which it may or may not be), it would get compromised very quickly by the scripts that scan around to random IP addresses and brute force attack them.

If you don't mind your flat mates logging in, just put a sticky note with the username and password on the monitor. That protects you from the bots to some degree and it allows you to use a good password because no one has to remember it.

Or you could run off a liveCD or something of the sort which doesn't generally use passwords that you need to know.
Old 10-11-2007, 09:27 AM   #3
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
Wouldn't you be much better-off simply configuring your session manager to auto-login? I have my Ubuntu desktop (which uses GDM) configured like this for my parents. If your objective is simply to not have to type a password when the computer starts, auto-login is the way to go. You could even use a "guest" account for the auto-login, so that your personal account is still password-protected.
Old 10-11-2007, 07:35 PM   #4
Registered: Oct 2007
Distribution: Fedora, openSUSE
Posts: 252

Original Poster
Rep: Reputation: 39
Thanks for the advice. I've decided to retain my password and use auto-login. Out of interest, how would I disable cracklib? There must be a relatively simple way to do it!
Old 01-29-2011, 03:17 PM   #5
LQ Newbie
Registered: Apr 2005
Distribution: FC3
Posts: 1

Rep: Reputation: 1
Old thread but I'll post the answer anyway so others can find it...

Make the following changes in both /etc/pam.d/system-auth and /etc/pam.d/password-auth:

#password    requisite try_first_pass retry=3 type=
password    sufficient sha512 shadow nullok try_first_pass #use_authtok
password    requisite
The changes are:
  • comment-out the pam_cracklib line
  • comment-out the "use_authtok" argument on the pam_unix line

use_authtok effectively tells pam_unix to require a password from the previous step (formerly pam_cracklib). So if you leave it there after commenting-out pam_cracklib, no password is passed to pam_unix and it refuses to prompt for one itself and the whole operation fails.

So these changes cause pam_unix to prompt you for a password instead of pam_cracklib.
1 members found this post helpful.


authconfig, check, pam, password

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
cant install cracklib on suse MagusYilie Linux - Software 0 05-06-2006 11:10 PM
fstab-sync: error: libhal_ctx_init_direct: (null): (null) rpz Linux - Hardware 1 11-01-2005 05:42 AM
Sync MySQL passwords with local account passwords? turbine216 Linux - Software 2 02-18-2005 03:15 AM
Completely uninstalling MySQL and its passwords I locked myself out! Baix Linux - Newbie 2 01-30-2005 04:10 PM
Is there a way to sync Samba passwords with linux user passwords MarleyGPN Linux - Networking 2 09-09-2003 10:59 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:20 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration