Is this PAM configuration possible?
Our password requirements include:
1. Minimum length of password is 8 characters. (This password will expire in 90 days.)
2. If password is 13 characters or greater, password will never expire.
NOTE: I already have a script that manages password expiration instead of using PAM.
Shown below is my attempt in /etc/pam.d/system-auth. What I am trying to accomplish is to run a script only if the user inputs a 13-character password. So far I have not found any configuration in PAM that will accomplish this. Can anyone please help me in determining if this is possible with PAM?
Attempt with /etc/pam.d/system-auth:
password requisite pam_cracklib.so try_first_pass retry=3 minlen=8
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password optional pam_cracklib.so try_first_pass retry=3 minlen=13
password optional pam_exec.so /usr/bin/password_donot_expire.sh
password required pam_deny.so
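Added example, not part of the original post: a simplified Python model of the four classic PAM control flags (requisite, required, sufficient, optional) run over the stack quoted above, to show which modules are actually reached. The module outcomes are constructed inputs, and the model ignores the bracketed control syntax and the special case of an optional module being the only one in the stack.

```python
# Simplified model of Linux-PAM control flags (added example, not the poster's code).
PAGE_STACK = """\
password requisite pam_cracklib.so try_first_pass retry=3 minlen=8
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password optional pam_cracklib.so try_first_pass retry=3 minlen=13
password optional pam_exec.so /usr/bin/password_donot_expire.sh
password required pam_deny.so
"""

def parse(stack_text):
    """Return [(control, 'module args...')] for each non-comment stack line."""
    entries = []
    for line in stack_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#"):
            entries.append((fields[1], " ".join(fields[2:])))
    return entries

def run_stack(entries, outcome):
    """outcome(label) -> True if that module succeeds. Returns (executed, stack_ok)."""
    executed, failed = [], False
    for control, label in entries:
        ok = outcome(label)
        executed.append(label)
        if control == "requisite" and not ok:
            return executed, False      # fail immediately, nothing below runs
        if control == "required" and not ok:
            failed = True               # remember the failure, keep going
        if control == "sufficient" and ok and not failed:
            return executed, True       # succeed immediately, nothing below runs
        # "optional": result ignored in this model
    return executed, not failed

def scenario(unix_ok, long_enough):
    """Constructed module outcomes: pam_deny always fails, first cracklib passes."""
    def outcome(label):
        if label.startswith("pam_deny.so"):
            return False
        if label.startswith("pam_unix.so"):
            return unix_ok
        if "minlen=13" in label:
            return long_enough
        return True
    return outcome

def script_ran(unix_ok, long_enough):
    """Return (was pam_exec reached?, did the password stack succeed?)."""
    executed, ok = run_stack(parse(PAGE_STACK), scenario(unix_ok, long_enough))
    return any(l.startswith("pam_exec.so") for l in executed), ok
```

In this model the pam_exec.so line is reached only when pam_unix.so fails, and the optional minlen=13 line does not gate it either way.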