LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-25-2009, 03:56 PM   #1
VMSlives
LQ Newbie
 
Registered: Mar 2005
Location: metro new york
Distribution: rhel3/fc2/rh9
Posts: 13

Rep: Reputation: 0
password complexity with pam_passwdqc.so


we have a line in /etc/pam.d/system-auth-ac on RH 5.1:

password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8

I believe this should require new passwords to be 4 character classes only with minimum size =8 (uppercase, lowercase, digits, special chars)

however running passwd also gives option of using
word:word,word

which only contains 2 of the required classes.
Is there any way to fix this so only 4 character class passwords can be generated ?
TIA
 
Old 03-26-2009, 07:06 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Try adding random=0.

And read the manpages for pam_passwdqc(8).
 
Old 03-27-2009, 09:22 AM   #3
VMSlives
LQ Newbie
 
Registered: Mar 2005
Location: metro new york
Distribution: rhel3/fc2/rh9
Posts: 13

Original Poster
Rep: Reputation: 0
hi anomie

Yes, I had read the Manual pages before posting .. pretty confusing.
I had tried random=0 and passphrase=0 individually on the password requisite line before posting but had no luck. After using both options on the same line (late last night) , I was successful. I do not know if this is because of other options in my system-auth-ac file.
Thanks very much for your help !
 
Old 03-27-2009, 04:55 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Maybe I can briefly clarify some things about pam_passwdqc(8):

First, it sounds like you understand most of the min=N0,N1,N2,N3,N4 directives. FYI, passphrases refer to a series of space-delimited words. This is a passphrase:
Code:
tokyo giraffe shell smiling
You can control passphrase length (by specifying N2 above), passphrase # of word requirements (by using passphrase=N), or turn them off entirely (by using passphrase=0).

As for the random option, check this dialog:
Code:
You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use a 12 character long
password with characters from at least 3 of these 4 classes, or
a 9 character long password containing characters from all the
classes.  An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

A passphrase should be of at least 3 words, 20 to 40 characters
long and contain enough different characters.

Alternatively, if noone else can see your terminal now, you can
pick this as your password: "miff!jagno_tuscany".

Enter new password:
No matter what your password requirements are, they can all be superseded in the case above if the user simply selects "miff!jagno_tuscany". By specifying random=0 you will disable that feature entirely.
 
1 members found this post helpful.
Old 03-30-2009, 04:19 PM   #5
VMSlives
LQ Newbie
 
Registered: Mar 2005
Location: metro new york
Distribution: rhel3/fc2/rh9
Posts: 13

Original Poster
Rep: Reputation: 0
thanks again, anomie.
I did not know what the man pages exactly meant by the term "passphrase".
All makes sense now....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Complexity Rules zok Linux - Security 1 04-17-2007 05:34 PM
password complexity pasupuleti Linux - Security 18 09-24-2006 02:07 PM
password complexity moinpasha Linux - Security 11 09-13-2006 11:53 PM
password complexity moinpasha Programming 1 09-12-2006 06:24 AM
Setting password complexity Harry Seldon Linux - General 1 08-04-2006 03:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration