LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-27-2006, 06:40 PM   #1
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Rep: Reputation: 31
BAD PASSWORD: it is based on a dictionary word


How do I get rid of this? It is really annoying... I use really strong password for root, like "m21sosg91t...", always generated passwords of 25 characters, an old obsession I have. But why should I use a strong password for my usual user? If someone guesses it, all I might lose is what I have in my home directory. Big deal!
So, my question is how do I change this? I googled for it and read I have to change /etc/pam.d/passwd or /etc/pam.d/system.auth. I tried to change both of them, but all I've got is "passwd" not work at all... Does anyone know how to do this?

And please, don't tell me what I read in this thread... This is not the answer to the question... Thank you.
 
Old 05-27-2006, 06:42 PM   #2
alitrix
Member
 
Registered: Jun 2003
Location: Netherlands, The
Distribution: Ubuntu, Kernel 2.6.7
Posts: 169

Rep: Reputation: 30
But did u try to change it with root?
Thought it root it's possible to use weak passwords even if it's not preferred
 
Old 05-27-2006, 06:51 PM   #3
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
This is not the point... When a user wants to use "kitchen" as his password, I want the system to allow this. If he wants to use a weak password, he knows he does this on his own risk and we all know this is annoying sometimes. As root, if you're trying to set a weak password you get a warning but the password is changed successfully. I would like the same behaviour for a usual user, too. Any suggestions?

Last edited by zahadumy; 05-27-2006 at 06:52 PM.
 
Old 05-27-2006, 07:37 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
The password check options are defined in /etc/security/pam_pwcheck.
These options only effect user passwords unless the "enforce_for_root" option is used.

See the "man 8 pam_pwcheck" man page for all of the options.
 
Old 05-27-2006, 08:36 PM   #5
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
Looks like you have pam_pwcheck only on Suse. I don't know if it's recommended or not, but I tried to install it on my distro anyway, but I couldn't download it from their homepage and after I googled for it, all the sites led me to the homepage, too. Do you know any other way to do it? I will try later to download that module...

Just one more question:
Quote:
The pam_pwcheck is a PAM module for password strength checking. It makes additional checks upon password changes, but it doesn't make the change itself. It only provides functionality for one PAM management group: password changing.

This module works in the following manner: if enabled it calls at first the Cracklib routine to check the strength of the password; if crack likes the password, the module does an additional set of strength checks.
Are you sure this is what I'm looking for?

Last edited by zahadumy; 05-27-2006 at 08:48 PM.
 
Old 05-28-2006, 09:50 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
You probably have a gui Users & Groups option that sets the same policy.

I bet it is in the manual if you look closely enough.


If you are interested in the pam_pwcheck module, here is its homepage on the web:
http://freshmeat.net/projects/pam_pwcheck/
 
Old 05-28-2006, 10:05 AM   #7
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
Oka, thank you. Can you download it from their homepage, which is basically the same page I provided? Because from here that link doesn't work...
 
Old 05-29-2006, 03:07 AM   #8
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
I just checked this link:
http://freshmeat.net/redir/pam_pwche...ck-3.0.tar.bz2

try:
wget http://freshmeat.net/redir/pam_pwche...ck-3.0.tar.bz2

But first, check if you have the modules but FC doesn't use it.
/lib/security/pam_pwcheck.so
/lib64/security/pam_pwcheck.so

On my system, it was provided by a pam_modules package.

Last edited by jschiwal; 05-29-2006 at 03:23 AM.
 
Old 05-29-2006, 01:53 PM   #9
zahadumy
Member
 
Registered: May 2005
Location: Cluj, Romania
Distribution: Fedora Core 6
Posts: 226

Original Poster
Rep: Reputation: 31
Thank you.

Last edited by zahadumy; 05-29-2006 at 02:08 PM.
 
Old 06-01-2006, 05:47 AM   #10
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
I bet that I you look around in the FC configuration program(s), you will find where you can adjust the policy you want to. Even if FC doesn't do it using PAM_PASSWD.
 
Old 11-05-2008, 09:36 AM   #11
happyharris
LQ Newbie
 
Registered: Mar 2007
Posts: 1
Blog Entries: 1

Rep: Reputation: 0
I was able to mostly figure out how to do this. I use SuSE 11.0, and I don't know how standard is the functionality I used.

1. Open YaST (entering root password)
2. Click on "Local Security" application
3. Choose Custom Settings (click Next)
4. Deselect "Check New Passwords" and "Test for Complicated Passwords"
5. Click Next and Finish to save.

I was then able to change my user's password.

Note that no warning is given unfortunately. I could not figure out any way to give a warning but then accept the insecure password.

I am going to try to figure out what configuration file was changed but I don't have much confidence.
 
Old 08-10-2011, 12:03 PM   #12
tgutierrez
LQ Newbie
 
Registered: Aug 2011
Posts: 1

Rep: Reputation: Disabled
You can establish the encrypted password directly when you create users

1.- Retrive the encrypted password: perl -e 'print crypt("password", "salt"),"\n"', its output is something like sajH.KaRIwx/k

2.- Crete the user using this output: useradd -g group -c "comentaio" -s /bin/bash -m -d -p sajH.KaRIwx/k user01
 
Old 01-04-2013, 04:04 PM   #13
OracleLinux
LQ Newbie
 
Registered: Jan 2013
Posts: 1

Rep: Reputation: Disabled
Wink An answer for the original question

vi /etc/pam.d/system-auth

The original file looks like this
------------------------------------------------------------------------------------
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
------------------------------------------------------------------------------------

Comment all the three lines
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
------------------------------------------------------------------------------------

Add this line
------------------------------------------------------------------------------------
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------

It will look like this now
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------

Note:
------------------------------------------------------------------------------------
If you run authconfig, the file /etc/pam.d/system-auth will be overwritten
------------------------------------------------------------------------------------

Last edited by OracleLinux; 01-04-2013 at 04:08 PM.
 
Old 02-05-2015, 06:20 PM   #14
kdannehl
LQ Newbie
 
Registered: Jun 2014
Posts: 1

Rep: Reputation: Disabled
Thumbs up Thanks Much!!

Thanks much for this answer. It's the onlyone that makes sense to me. I don't use GUIs much and all I wanted to do is run passwd to change a password.

This is elegent, simple and understandable
thanks






Quote:
Originally Posted by OracleLinux View Post
vi /etc/pam.d/system-auth

The original file looks like this
------------------------------------------------------------------------------------
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
------------------------------------------------------------------------------------

Comment all the three lines
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
------------------------------------------------------------------------------------

Add this line
------------------------------------------------------------------------------------
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------

It will look like this now
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------

Note:
------------------------------------------------------------------------------------
If you run authconfig, the file /etc/pam.d/system-auth will be overwritten
------------------------------------------------------------------------------------
 
Old 07-21-2016, 07:20 AM   #15
noutg
LQ Newbie
 
Registered: May 2011
Posts: 1

Rep: Reputation: Disabled
BAD PASSWORD: it is based on a dictionary word

Onwards from rhel6.8 /etc/pam.d/system-auth-ac (among others has changed).

If you copy & paste from a < rhel6.8 then short insecure passwds will be accepted (if you are root)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
password for microsoft word file ankscorek Linux - Security 1 05-17-2006 01:53 PM
ispell - remove word from dictionary? TangentSpace Linux - Software 0 10-19-2005 04:04 PM
is there any good X11-based word processor? pyenos Linux - Software 3 03-13-2005 04:50 AM
a word dictionary. jobano Linux - General 3 08-31-2004 07:24 PM
Any Text-Based Word Processors for Linux? linguae Linux - Software 10 07-06-2004 06:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 05:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration