[Freeipa-users] Password requirements too stringent
Tim Hildred
thildred at redhat.com
Tue Sep 18 02:53:29 UTC 2012
JR
I had that line. I commented it out. Thank you.
Now, what do I have to restart?
Tim Hildred, RHCE
Content Author II - Engineering Content Services, Red Hat, Inc.
Brisbane, Australia
Email: thildred at redhat.com
Internal: 8588287
Mobile: +61 4 666 25242
IRC: thildred
----- Original Message -----
> From: "JR Aquino" <JR.Aquino at citrix.com>
> To: "Tim Hildred" <thildred at redhat.com>
> Cc: "freeipa-users" <freeipa-users at redhat.com>
> Sent: Tuesday, September 18, 2012 12:37:48 PM
> Subject: Re: [Freeipa-users] Password requirements too stringent
>
> Tim, please check your /etc/pam.d/system-auth with the password
> block. If you see password requisite pam_cracklib.so, then
> this is why you are having a problem.
>
> $ man pam_cracklib
>
> It is a local security library for enforcing strong password
> practices from the unix cli.
>
> ProTip:
> If you don't need this, you can remove it from pam
> If you want to work around this, set your password from the IPA webui
> or via the cli: "ipa passwd username"
>
> Hope this info helps!
>
> "Keeping your head in the cloud"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> JR Aquino
>
> Senior Information Security Specialist, Technical Operations
> T: +1 805 690 3478 | F: +1 805 879 3730 | M: +1 805 717 0365
> GIAC Certified Incident Handler | GIAC WebApplication Penetration
> Tester
> JR.Aquino at citrix.com<mailto:JR.Aquino at citrix.com>
>
>
> [cid:image002.jpg at 01CD4A37.5451DC00]
>
> Powering mobile workstyles and cloud services
>
>
>
>
>
> On Sep 17, 2012, at 6:25 PM, Tim Hildred wrote:
>
> Hey all;
>
> I'm running IPA internally to control access to our cloud
> environment.
>
> I must admit, I do not understand the password requirements. I have
> had them set to the defaults. I read this:
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/user-pwdpolicy.html
>
> I have the minimum character classes set to 0. When people use SSH to
> change their passwords, they get "Based on a dictionary word" for
> passwords that have nothing to do with dictionary words.
>
> I can't find anywhere in the documentation a break down of what makes
> an unacceptable versus acceptable password.
>
> Can anyone help me figure out what to tell my users? I think people
> would get a lot less frustrated if they knew why "C679V375" was "too
> simple" when the password policy has 0 required classes.
>
> Tim Hildred, RHCE
> Content Author II - Engineering Content Services, Red Hat, Inc.
> Brisbane, Australia
> Email: thildred at redhat.com
> Internal: 8588287
> Mobile: +61 4 666 25242
> IRC: thildred
>
> ps: funny exchange with user:
> Jul 12 14:12:33 <user1> i feel like im being punked
> Jul 12 14:12:40 <user1> it is based on a dictionary word
> Jul 12 14:12:43 <user1> it is too short
> Jul 12 14:12:49 <user1> is does not have enough unique letters
> Jul 12 14:12:51 <user1> etc
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
More information about the Freeipa-users
mailing list