Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How do I get rid of this? It is really annoying... I use really strong password for root, like "m21sosg91t...", always generated passwords of 25 characters, an old obsession I have. But why should I use a strong password for my usual user? If someone guesses it, all I might lose is what I have in my home directory. Big deal!
So, my question is how do I change this? I googled for it and read I have to change /etc/pam.d/passwd or /etc/pam.d/system.auth. I tried to change both of them, but all I've got is "passwd" not work at all... Does anyone know how to do this?
And please, don't tell me what I read in this thread... This is not the answer to the question... Thank you.
This is not the point... When a user wants to use "kitchen" as his password, I want the system to allow this. If he wants to use a weak password, he knows he does this on his own risk and we all know this is annoying sometimes. As root, if you're trying to set a weak password you get a warning but the password is changed successfully. I would like the same behaviour for a usual user, too. Any suggestions?
The password check options are defined in /etc/security/pam_pwcheck.
These options only effect user passwords unless the "enforce_for_root" option is used.
See the "man 8 pam_pwcheck" man page for all of the options.
Looks like you have pam_pwcheck only on Suse. I don't know if it's recommended or not, but I tried to install it on my distro anyway, but I couldn't download it from their homepage and after I googled for it, all the sites led me to the homepage, too. Do you know any other way to do it? I will try later to download that module...
Just one more question:
Quote:
The pam_pwcheck is a PAM module for password strength checking. It makes additional checks upon password changes, but it doesn't make the change itself. It only provides functionality for one PAM management group: password changing.
This module works in the following manner: if enabled it calls at first the Cracklib routine to check the strength of the password; if crack likes the password, the module does an additional set of strength checks.
I bet that I you look around in the FC configuration program(s), you will find where you can adjust the policy you want to. Even if FC doesn't do it using PAM_PASSWD.
I was able to mostly figure out how to do this. I use SuSE 11.0, and I don't know how standard is the functionality I used.
1. Open YaST (entering root password)
2. Click on "Local Security" application
3. Choose Custom Settings (click Next)
4. Deselect "Check New Passwords" and "Test for Complicated Passwords"
5. Click Next and Finish to save.
I was then able to change my user's password.
Note that no warning is given unfortunately. I could not figure out any way to give a warning but then accept the insecure password.
I am going to try to figure out what configuration file was changed but I don't have much confidence.
The original file looks like this
------------------------------------------------------------------------------------
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
------------------------------------------------------------------------------------
Comment all the three lines
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
------------------------------------------------------------------------------------
Add this line
------------------------------------------------------------------------------------
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------
It will look like this now
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------
Note:
------------------------------------------------------------------------------------
If you run authconfig, the file /etc/pam.d/system-auth will be overwritten
------------------------------------------------------------------------------------
Last edited by OracleLinux; 01-04-2013 at 03:08 PM.
Thanks much for this answer. It's the onlyone that makes sense to me. I don't use GUIs much and all I wanted to do is run passwd to change a password.
This is elegent, simple and understandable
thanks
Quote:
Originally Posted by OracleLinux
vi /etc/pam.d/system-auth
The original file looks like this
------------------------------------------------------------------------------------
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
------------------------------------------------------------------------------------
Comment all the three lines
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
------------------------------------------------------------------------------------
Add this line
------------------------------------------------------------------------------------
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------
It will look like this now
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------
Note:
------------------------------------------------------------------------------------
If you run authconfig, the file /etc/pam.d/system-auth will be overwritten
------------------------------------------------------------------------------------
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.