[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: damn dictionary



Chris M Ruffin wrote:
> 
> How do I set up PAM to allow me to enter any
> password I choose, without it being too short, in
> the dictionary, etc. etc.??
> Replies to cmr4@ece.msstate.edu please
> 
What also 'helps' to make the system somewhat more foregiving
is:
/usr/sbin/create_cracklib_dict /dev/null

This creates an empty cracklib dictionnary in /usr/lib.
(The create_cracklib_dict script on my system was broken by
the way: replace '[ -z "" ]' with '[ -z "$1" ]' and
'/usr/bin/mkdict  |' with '/usr/bin/mkdict $1 |').

Or replace the word list with something simpler. If you're
sure no one will attack you system by trying all the words
from /usr/dict/words...

Interestingly enough, even at the severest level, the system
does not forbid the use of your own username as password.
Nor does it forbid something like 'qwertyui'. (To catch such
weaknesses it should know about the layouts of the different
types of keyboard).

Han



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []