The below is the current password policy , can advise .

1. the user can re-try the password in unlimied times , how can I control if the user login to the server with wrong password over 3 times , then lock the a/c ?

2. in current configuration , the password is case sensitive , how to cancel it ?

3. in current configuation , the password is not allow dictionary word , how to cancel it ? that mean user can use dictionary word as the passwod.



Thx in advance.

Point by point:

1. Should be doable with pam_tally(8). Check its manpages and search LQ for examples / discussions.
2. Probably by removing certain checks from your pam stack. Don't do that.
3. Ditto. Don't do that.

hi

this sounds like homework questions and include a trap.

I suggest you look first to see what your current security systems are. We can not tell you.

/etc/pam.d and /etc/security will be very useful to change where appropiate.

2) If you are interested in security and are not doing homework, forgive me.

Your (3) is dangerous....enough said or haven't you worked it out?

(2) increases the chance of brute attacks succeeding....depending on kb you have 26 characters that are letters and caps give you another 26....so a 52 factorial algorithm...ignoring special characters that can also be used and numbers

for the point , please ignore the security issue , can advise is it possible to do that ? thx