Implementing Security Policies
Stephen John Smoogen
smooge at gmail.com
Fri Jun 23 16:44:26 UTC 2006
On 6/23/06, Bhaskar <abc.bhaskar at gmail.com> wrote:
>
>
> >
> > THat is correct. You will also need to run through /etc/shadow and
> > make sure that any account with passwords has the correct values in
> > them also.
>
>
> What do you exactly mean by running through /etc/shadow.
>
After you have gotten approval for a policy (or had a policy laid out)
you would go through existing accounts and retrochange their ages.
for acct in `awk -F: '{print $1}'`; do
chage -m 5 -M 90 ${acct}
done
And then force everyone who already has an account to change their
passwords at next setting.
>
> > Password history you will need to use the pam_passwdqc moduel in pam.
> >
> > Most security policies will ask for a minimum length of 7 characters
> > (though 8 is preferred), and a change time of 90 days.
>
>
>
> As I mentioned, I changed /etc/pam.d/system-auth file and /etc/login.defs
> file(Made minimum password length as 9), but it is not reflecting when the
> user issues passwd command.
>
That I didn't see before in your message.
>
> I will do some home work here and get back to you on Monday.
>
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
More information about the Fedora-security-list
mailing list