LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices


Reply
  Search this Thread
Old 04-30-2009, 02:24 PM   #1
VMSlives
LQ Newbie
 
Registered: Mar 2005
Location: metro new york
Distribution: rhel3/fc2/rh9
Posts: 13

Rep: Reputation: 0
password complexity not working on RH4 update 5


Hi Everyone

I'm having no success getting password complexity to work with RH4/U5.
Added/modified the following to /etc/pam.d/system-auth

password required /lib/security/$ISA/pam_passwdqc.so min=disabled,disabled,disabled,disabled,12

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis remember=24

I have deployed complexity before on other releases w/o problems.
This one is a NIS server, but I have other NIS servers working fine.
I even tried copying system-auth from a RH4/U2 NIS server which performs complexity to the RH4/U5 system - no luck.
When I attempt to change a user password from a user acct, get message that password must be at least 6 characters. The system-auth file I am using dictates 12 characters with 4 different character cases.
/etc/login.defs also has minimum length set to 12 - no idea where the 6 character limit is coming from.
I also tried using cracklib.so with minlen=12 , no luck there either.

All security packages are installed on the RH4/U5 server
thanks in advance for your help
 
Old 05-01-2009, 12:07 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
I am assuming you've stacked system-auth correctly, because you said:
Quote:
I even tried copying system-auth from a RH4/U2 NIS server which performs complexity to the RH4/U5 system - no luck.
So my next WAG is that your software environments are marginally different between the broken and working servers. Maybe you're just missing a package or two on the broken server.

Anyway, what I would do is install the strace package. Then fire up a script session and trace the system calls that passwd is making. For example:
Code:
$ strace passwd
Enter your current password when prompted, because you need it to get to the point that it's prompting for a new password. Follow these steps on the broken server and on a working server. Then compare the results and see where the broken one is falling down.

This is going to be a painstaking process (with a lot of output to sift through), but that's how I would approach it.

---

edit: Do you have a working RHEL 4.5 installation? If so, I'd compare against that so that you're comparing apples to apples...

Last edited by anomie; 05-01-2009 at 12:09 PM.
 
Old 05-05-2009, 02:38 PM   #3
VMSlives
LQ Newbie
 
Registered: Mar 2005
Location: metro new york
Distribution: rhel3/fc2/rh9
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by anomie View Post
I am assuming you've stacked system-auth correctly, because you said:


So my next WAG is that your software environments are marginally different between the broken and working servers. Maybe you're just missing a package or two on the broken server.

Anyway, what I would do is install the strace package. Then fire up a script session and trace the system calls that passwd is making. For example:
Code:
$ strace passwd
Enter your current password when prompted, because you need it to get to the point that it's prompting for a new password. Follow these steps on the broken server and on a working server. Then compare the results and see where the broken one is falling down.

This is going to be a painstaking process (with a lot of output to sift through), but that's how I would approach it.

---

edit: Do you have a working RHEL 4.5 installation? If so, I'd compare against that so that you're comparing apples to apples...
you have bailed me out again . the passwd binary was linked to yppasswd . I restored /usr/bin/passwd, all is well. Too many admins have root pw !!!

thanks once more
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
password complexity with pam_passwdqc.so VMSlives Linux - Security 4 03-30-2009 03:19 PM
password complexity pasupuleti Linux - Security 18 09-24-2006 01:07 PM
password complexity moinpasha Linux - Security 11 09-13-2006 10:53 PM
password complexity moinpasha Programming 1 09-12-2006 05:24 AM
Setting password complexity Harry Seldon Linux - General 1 08-04-2006 02:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat

All times are GMT -5. The time now is 03:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration