
gossip [was Re: Security PAM Problem]



Offline, David and I have discovered that pam_unix is compiled
with cracklib support by Red Hat, so the default stack is being checked by
libcrack twice.

His workaround for now is to use pam_pwdb.

I'm itching to release 0.73. So those out there who maintain their own
trees, be prepared to sync up. SourceForge is up to date with all I
plan to include in this release, bar some 'make release' code.

Cheers

Andrew

David Homer wrote:
> 
> Hello,
> 
> I have purchased RedHat 7 standard and I'm having problems with PAM (I spoke
> to Michael) see below for our conversation and he suggested I speak to
> you...
> 
> Basically I want to use WU IMAP but this uses PAM which is too good! I need
> to be able for users to set simple passwords (this is for schools) without
> the usual password length and dictionary checks...
> 
> I tried removing the pam_cracklib line from /etc/pam.d/system-auth but with
> no luck (see conversation below)
> 
> Any ideas? The council is about to bin this project in exchange for M$
> Proxy and Exchange server if I don't get it sussed this week...
> 
> Thanks loads,
> 
> Dave
> 
> >From: "Michael K. Johnson" <johnsonm@redhat.com>
> >To: "David Homer" <davidhomer@hotmail.com>
> >Subject: Re: Security PAM Problem
> >Date: Wed, 29 Nov 2000 13:40:41 -0500
> >
> >
> >I gave you another contact; pam-list@redhat.com is better than asking
> >any one person.  I haven't personally been involved in PAM for a few
> >years.  That doesn't mean that no one at Red Hat has any idea.  I
> >am just in a completely different group and it's not what I specialize
> >in any more.
> >
> >michaelkjohnson
> >
> >  "He that composes himself is wiser than he that composes a book."
> >  Linux Application Development                     -- Ben Franklin
> >  http://people.redhat.com/johnsonm/lad/
> >
> >
> >"David Homer" writes:
> > >Oh man! You're from RedHat and you don't know... This is not good - is
> > >there anyone else at RedHat that might know about this
> > >
> > >This is basically going to get my project binned and Linux scrapped
> > >totally from being used in the schools if I don't sort this THIS WEEK!
> > >
> > >Please any other contacts or anything will be much appreciated!!!!
> > >
> > >
> > >Thanks again
> > >
> > >
> > >Dave
> > >
> > >
> > >
> > >
> > >>From: "Michael K. Johnson" <johnsonm@redhat.com>
> > >>To: "David Homer" <davidhomer@hotmail.com>
> > >>Subject: Re: Security PAM Problem
> > >>Date: Wed, 29 Nov 2000 12:13:40 -0500
> > >>
> > >>
> > >>Then I'm not sure; pam_unix might be doing its own checks.  I haven't
> > >>touched pam for a while...  pam-list is probably a better place to
> > >>ask.
> > >>
> > >>michaelkjohnson
> > >>
> > >>  "He that composes himself is wiser than he that composes a book."
> > >>  Linux Application Development                     -- Ben Franklin
> > >>  http://people.redhat.com/johnsonm/lad/
> > >>
> > >>
> > >>"David Homer" writes:
> > >> >Hey thanks for the reply!
> > >> >
> > >> >I am using RedHat 7 and the version of PAM that came with RedHat7
> > >> >
> > >> >The file that is used is system-auth - I have edited the system-auth file
> > >> >and commented out the pam_cracklib line and now the first time I put a
> > >> >password in it doesn't check it but it then asks for the password to be
> > >> >confirmed and the usual rules kick in and the password is rejected based
> > >> >on size, dictionary check etc etc
> > >> >
> > >> >Am I missing something here
> > >> >
> > >> >
> > >> >PS I also removed the pam_cracklib.so file so it's not using it...
> > >> >
> > >> >
> > >> >Thanks
> > >> >
> > >> >
> > >> >Dave
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >>From: "Michael K. Johnson" <johnsonm@redhat.com>
> > >> >>To: "David Homer" <davidhomer@hotmail.com>
> > >> >>Subject: Re: Security PAM Problem
> > >> >>Date: Wed, 29 Nov 2000 10:04:55 -0500
> > >> >>
> > >> >>
> > >> >>/etc/pam.d/passwd or system-auth (depending on version)
> > >> >>remove or comment out the pam_cracklib line.
> > >> >>
> > >> >>"David Homer" writes:
> > >> >> >Hello,
> > >> >> >
> > >> >> >
> > >> >> >Sorry to bother you but I have a problem with PAM in that it gives
> > >> >> >too much security and I've seen that you deal with PAM.
> > >> >> >
> > >> >> >
> > >> >> >
> > >> >> >I need users to be able to change their password to a simple four
> > >> >> >letter or more word with no dictionary checks etc... (This is for
> > >> >> >schools e-mail servers)
> > >> >> >
> > >> >> >
> > >> >> >
> > >> >> >I am using RedHat 7 with PAM-0.72-26 that came with it
> > >> >> >
> > >> >> >
> > >> >> >
> > >> >> >What I've done...
> > >> >> >
> > >> >> >I have edited /etc/pam.d/system-auth and commented out the
> > >> >> >pam_cracklib.so line and when you put the new password in it's ok but
> > >> >> >when you are asked to reenter password the normal check applies and the
> > >> >> >passwords are rejected by length, dictionary check and not enough
> > >> >> >different characters etc etc
> > >> >> >
> > >> >> >
> > >> >> >How can I stop these checks for new user passwords?
> > >> >> >
> > >> >> >
> > >> >> >Any help would be great!
> > >> >> >
> > >> >> >
> > >> >> >Thanks
> > >> >> >
> > >> >> >
> > >> >> >Dave
> > >> >> >
> > >> >> >
> 
> _____________________________________________________________________________________
> Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
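
An added example, not part of the original thread or of Linux-PAM: a small audit script that parses a PAM configuration and lists which active password-stack modules run cracklib checks, which shows why commenting out pam_cracklib alone left one check in place. The three sample configurations are constructed, and treating pam_unix as cracklib-enabled is an assumption taken from the Red Hat build described above.

```python
import re

# Modules assumed to run cracklib checks. pam_cracklib always does; pam_unix
# is listed because the thread reports Red Hat's build is compiled with
# cracklib support. Adjust for other builds (assumption, not a PAM API).
CRACKLIB_MODULES = {"pam_cracklib", "pam_unix"}

# type, control (plain word or [bracketed] form), module path, optional args
LINE_RE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_stack(text, mgmt_type="password"):
    """Return [(control, module, args)] for active lines of one management type."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out lines become empty
        m = LINE_RE.match(line)
        if not m or m.group(1) != mgmt_type:
            continue
        module = m.group(3).rsplit("/", 1)[-1]
        module = re.sub(r"\.so$", "", module)
        entries.append((m.group(2), module, m.group(4).split()))
    return entries

def cracklib_checkers(text):
    """Names of active password-stack modules that run cracklib checks."""
    return [mod for _, mod, _ in parse_stack(text) if mod in CRACKLIB_MODULES]

# Constructed sample: a stack with both pam_cracklib and pam_unix active.
DEFAULT = """\
auth        required      /lib/security/pam_unix.so nullok
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
"""
# Constructed sample: pam_cracklib commented out, as tried in the thread.
COMMENTED = """\
#password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok md5 shadow
password    required      /lib/security/pam_deny.so
"""
# Constructed sample: the pam_pwdb workaround mentioned in the thread.
WORKAROUND = """\
password    sufficient    /lib/security/pam_pwdb.so nullok md5 shadow
password    required      /lib/security/pam_deny.so
"""

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT), ("commented", COMMENTED),
                      ("workaround", WORKAROUND)]:
        print(name, cracklib_checkers(cfg))
```

Two entries in the result mean the password is checked twice; one entry with pam_cracklib already disabled matches the symptom reported in the quoted messages.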




