Guidance using pam_passwdqc module and Army Regulation 25-2
Solar Designer
solar at openwall.com
Thu Jun 3 01:23:17 UTC 2004
On Thu, Jun 03, 2004 at 01:03:03PM +1200, William Brower wrote:
> I downloaded and installed the module - things went cleanly and the
> module was installed in /lib/security/pam_passwdqc.so
>
> 2) I tried modifying /etc/pam.d/system-auth to look like this
> (I know there is a warning about file autogeneration, but frankly, the
> /etc/pam.d/passwd file seems to direct all real action to this file -
> should I just modify the /etc/pam.d/passwd file instead??)
No, there's no need to modify other PAM config files and it is
appropriate to modify /etc/pam.d/system-auth almost like you did.
> OLD:
> password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok
> md5 shadow
> password required /lib/security/$ISA/pam_deny.so
>
> NEW:
> #password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
> password required /lib/security/$ISA/pam_passwdqc.so
You said the module installed under /lib/security/pam_passwdqc.so, --
perhaps you need to remove the extra "/$ISA" from this line then?
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_first_pass
> md5 shadow
Please revert the change you did to this line. It should have worked
fine with "use_authtok".
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
More information about the Pam-list
mailing list