[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: password history and enforcement of PAM rules for root

On Thu, Aug 08, 2002 at 09:11:05AM -0700, Bob Hemedinger wrote:
> How can I configure PAM to
> force root to honor using strong passwords when
> setting a user's password, or even its own password?

With pam_passwdqc, that is done with the enforce= option:

	enforce=none|users|everyone	[enforce=everyone]

The module can be configured to warn of weak passwords only, but not
actually enforce strong passwords.  The "users" setting will enforce
strong passwords for non-root users only.

"enforce=everyone" enforces strong passwords on root users as well and
is in fact the default.

(Of course, root can still bypass any restrictions by writing password
hashes directly or by temporarily adjusting configuration files.)


P.S. For those who have been on this list for a while or otherwise
heard of pam_passwdqc before, -- recent additions include HP-UX 11
support and the import of a pam_passwdqc(8) manual page back from
FreeBSD (they wrote it based on my README), with minor corrections.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []