[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security PAM Problem



Hello,

I have purchased RedHat 7 standard and Im having problems with PAM (I spoke to Michael) see below for our conversation and he suggested I speak to you...

Basically I want to use WU IMAP but this uses PAM which is too good! I need to be able for users to set simple passwords (this is for schools) without the usual password length and dictionary checks...

I tried removing the pam_cracklibs line from /etc/pam.d/system-auth but with no luck (see conversation below)

Any ideas? The council is about to bin this project in exchange from M$ Proxy and Exchange server if I dont get it sussed this week...


Thanks loads,



Dave






From: "Michael K. Johnson" <johnsonm@redhat.com>
To: "David Homer" <davidhomer@hotmail.com>
Subject: Re: Security PAM Problem
Date: Wed, 29 Nov 2000 13:40:41 -0500


I gave you another contact; pam-list@redhat.com is better than asking any one person. I haven't personally been involved in PAM for a few years. That doesn't mean that no one at Red Hat has any idea. I am just in a completely different group and it's not what I specialize in any more.

michaelkjohnson

 "He that composes himself is wiser than he that composes a book."
 Linux Application Development                     -- Ben Franklin
 http://people.redhat.com/johnsonm/lad/


"David Homer" writes:
>Oh man! You're from RedHat and you dont know... This is not good - is there
>anyone else at RedHat that might know about this
>
>This is basically going to get my project binned and Linux scrapped totally
>from being used in the schools if I dont sort this THIS WEEK!
>
>Please any other contacts or anything will be much appreciated!!!!
>
>
>Thanks again
>
>
>Dave
>
>
>
>
>>From: "Michael K. Johnson" <johnsonm@redhat.com>
>>To: "David Homer" <davidhomer@hotmail.com>
>>Subject: Re: Security PAM Problem
>>Date: Wed, 29 Nov 2000 12:13:40 -0500
>>
>>
>>Then I'm not sure; pam_unix might be doing its own checks. I haven't
>>touched pam for a while... pam-list is probably a better place to
>>ask.
>>
>>michaelkjohnson
>>
>> "He that composes himself is wiser than he that composes a book."
>> Linux Application Development -- Ben Franklin
>> http://people.redhat.com/johnsonm/lad/
>>
>>
>>"David Homer" writes:
>> >Hey thanks for the reply!
>> >
>> >I am using RedHat 7 and the version of PAM that came with RedHat7
>> >
>> >The file that is used system-auth - I have edited the system-auth file
>>and
>> >commented out the pam_craclib line and now the first time I put a
>>password
>> >in it doesnt check it but it then asks for the password to be confirmed
>>and
>> >the usual rules kick in and the password is rejected based on size,
>> >dictionary check etc etc
>> >
>> >Am I missing something here
>> >
>> >
>> >PS I also removed the pam_cracklib.so file so its not using it...
>> >
>> >
>> >Thanks
>> >
>> >
>> >Dave
>> >
>> >
>> >
>> >
>> >>From: "Michael K. Johnson" <johnsonm@redhat.com>
>> >>To: "David Homer" <davidhomer@hotmail.com>
>> >>Subject: Re: Security PAM Problem
>> >>Date: Wed, 29 Nov 2000 10:04:55 -0500
>> >>
>> >>
>> >>/etc/pam.d/passwd or system-auth (depending on version)
>> >>remove or comment out the pam_cracklib line.
>> >>
>> >>"David Homer" writes:
>> >> >Hello,
>> >> >
>> >> >
>> >> >Sorry to bother you but I have a problem with PAM in that it gives too
>> >>much
>> >> >security and I've seen that you deal with PAM.
>> >> >
>> >> >
>> >> >
>> >> >I need users to be able to change their password to a simple four
>>letter
>> >>or
>> >> >more word with no dictionary checks etc... (This is for schools e-mail
>> >> >servers)
>> >> >
>> >> >
>> >> >
>> >> >I am using RedHat 7 with PAM-0.72-26 that came with it
>> >> >
>> >> >
>> >> >
>> >> >What I've done...
>> >> >
>> >> >I have edited /etc/pam.d/system-auth and commented out the
>> >>pam_cracklib.so
>> >> >line and when you put the new password in its ok but when you are
>>asked
>> >>to
>> >> >reenter password the normal check applies and the passwords are
>>rejected
>> >>by
>> >> >length, dictionary check and not enough different characters etc etc
>> >> >
>> >> >
>> >> >How can I stop these checks for new user passwords?
>> >> >
>> >> >
>> >> >Any help would be great!
>> >> >
>> >> >
>> >> >Thanks
>> >> >
>> >> >
>> >> >Dave
>> >> >
>> >> >
>> >>
>> >_____________________________________________________________________________________
>> >> >Get more from the Web. FREE MSN Explorer download :
>> >>http://explorer.msn.com
>> >> >
>> >>
>> >
>> >_____________________________________________________________________________________
>> >Get more from the Web. FREE MSN Explorer download :
>>http://explorer.msn.com
>> >
>>
>
>_____________________________________________________________________________________
>Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
>



_____________________________________________________________________________________ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []