LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-01-2006, 01:18 AM   #1
sunhui
Member
 
Registered: Jan 2006
Location: taiwan
Posts: 156

Rep: Reputation: 30
Change password policy


When I force the user to change the password , the user will prompt the message (BAD PASSWORD: it is based on a dictionary word) , I understand this is a security reason to probit simple password , but if I want to disable this restriction ( that means the linux system allow any dictionary word ) , what can I do ? thx.
 
Old 08-01-2006, 01:39 AM   #2
Sailesh
LQ Newbie
 
Registered: Jul 2006
Posts: 16

Rep: Reputation: 0
I think u need to change cracklib in sytem-auth file.
But better take backup before doing it.

Its not my advice.. I read it somewhere... Check where the file is present and modify...
 
Old 08-01-2006, 02:49 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
You should provide more information on which distro you are using. Does your system use PAM for authentication?

If so, look in the file /etc/security/pam_pwcheck.conf. It may have it's own manpage. Also, your distro may have GUI configuration for something like Users & Security where you can set it there.
Code:
# pam_pwcheck config file
#
# This file contains options for the pam_pwcheck.so module.
#
# At first, pam_pwcheck will read this file and then uses the local
# options.
#
# Please read the pam_pwcheck.8 manual page for a list of valid
# options.
#
# Example:
#  password:    nullok cracklib remember=8
#
password:       remember=6 minlen=6 cracklib nullok
The pam_pwcheck.so module may be used on one of the files in /etc/pam.d/.
 
Old 08-01-2006, 04:06 AM   #4
sunhui
Member
 
Registered: Jan 2006
Location: taiwan
Posts: 156

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Sailesh
I think u need to change cracklib in sytem-auth file.
But better take backup before doing it.

Its not my advice.. I read it somewhere... Check where the file is present and modify...
If remove this line , the system will allow any kind of password that means all insecure password eg. too short , too simple , similiar password are allowed , if I only want to disable the restriction (BAD PASSWORD: it is based on a dictionary word) , what can I do ? thx
 
Old 08-01-2006, 04:51 AM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
Maybe you could change the dictionary path that cracklib uses. However doing away with this restriction is a very bad idea. It would open up your computer to a simple dictionary attack.
 
Old 08-01-2006, 09:26 PM   #6
sunhui
Member
 
Registered: Jan 2006
Location: taiwan
Posts: 156

Original Poster
Rep: Reputation: 30
I would like to have one more requirement , the default password length is at least 7 characters, if I want to change the default setting , that the system accept the password length is 6 characters , what can i do ? thx
 
Old 08-02-2006, 02:26 AM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
Change the minlength setting in /etc/security/pam_pwcheck
Code:
# pam_pwcheck config file
#
# This file contains options for the pam_pwcheck.so module.
#
# At first, pam_pwcheck will read this file and then uses the local
# options.
#
# Please read the pam_pwcheck.8 manual page for a list of valid
# options.
#
# Example:
#  password:    nullok cracklib remember=8
#
password:       remember=6 minlen=6 cracklib nullok
 
Old 08-02-2006, 08:54 PM   #8
sunhui
Member
 
Registered: Jan 2006
Location: taiwan
Posts: 156

Original Poster
Rep: Reputation: 30
thx reply ,

the password length is Ok now , thx for help.

I would like to ask again , now my system accept the numerics only or characters only password , for example , the password can be 741852 ( all numerics ) or poiuyt ( all characters ) , if I want to control the password MUST have BOTH characters AND numerics , what can I do ? thx
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
password policy Nick Pontelando Linux - Security 9 08-15-2012 09:50 AM
How to set the password policy and lockout policy bin_shell Linux - Security 4 03-24-2010 03:30 PM
Password Expiration Policy bspicer Linux - General 7 05-12-2007 03:26 AM
Password policy sunhui Linux - Software 2 05-12-2006 03:19 AM
password policy ust Linux - Software 0 12-05-2005 12:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration