[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fwd: Re: restrict passwords


  I have another problem, and this problem seems serious. I cannot change the 

pc1:~ $ passwd
Changing password for user prueba.
Changing password for prueba
(current) UNIX password:
New password:
Retype new password:
Password has been already used. Choose another.
Password has been already used. Choose another.
Password has been already used. Choose another.
passwd: Authentication token manipulation error
pc1:~ $

  The log shows:
Jul 25 13:04:07 pc1 passwd(pam_unix)[13170]: new password not acceptable

  ideas for me?


----------  Mensaje reenviado  ----------

Subject: Re: restrict passwords
Date: Fri, 25 Jul 2003 14:07:19 +0200
From: Rocio Alfonso Pita <rozio universalsupport com>
To: pam-list redhat com, Andrew Shewmaker <shewa inel gov>


  Thanks for this good information. I probe it and I have a little problem: I
cannot lock the user account.

  Log shows:
Jul 25 12:43:07 pc1 login(pam_unix)[13002]: 3 more authentication failures;
logname= uid=0 euid=0 tty=tty4 ruser= rhost=  user=prueba
Jul 25 12:43:07 pc1 login(pam_unix)[13002]: service(login) ignoring max
retries; 4 > 3
Jul 25 12:43:11 pc1 login(pam_unix)[13003]: session opened for user prueba by

  I write a wrong password 3 times, and after I can enter in my account. Why?

  My /etc/pam.d/system-auth is now:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     required      /lib/security/pam_tally.so deny=3 no_magic_root

password    required      /lib/security/pam_cracklib.so retry=3 type= difok=2
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow remember=3
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

  thanks and regards,

El Lun 21 Jul 2003 15:48, Andrew Shewmaker ha dicho:
> Rocio Alfonso Pita wrote:
> > Hello,
> >
> >   I want to configure the users passwords so:
> >
> > - minimum ttl for password
> > - maximum ttl for password
> > - maximum repeat 2 characters
> > - user cannot repeat the 2 lastest passwords.
> > - if user fail his password for 3 times, lock his account.
> >
> >   The minimum and maximum ttl I can to configure with "passwd" or in
> > /etc/logins.defs.
> I found this site very helpful when I was setting up something
> similar to you.
> http://www.puschitz.com/Security.shtml
> -Andrew

Este  correo  electrónico  y  los documentos que lo acompañan pueden contener
información reservada y/o confidencial, dirigida exclusivamente al uso del
destinatario. Si Vd. no es el destinatario, no está autorizado a copiar o
distribuir esta comunicación a ninguna otra persona. Si ha recibido este
correo electrónico por error, le rogamos nos lo devuelva y lo elimine de su
sistema. Gracias.
Rocío Alfonso Pita
Dpto. Sistemas
Universal Support S.A.U.
Tlf: +34 981 779 140 ext. 6209
Fax: +34 981 779 141

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]