pam_cracklib.so no workie - eeek!
Brett Charbeneau
brett at wrl.org
Fri Mar 5 16:09:16 UTC 2004
Greetings all,
I'd be very grateful for some pointers on this problem I'm having
with our mail server - I'm stumped.
I'm beating my head against the wall trying to figure out why my
mail server is accepting dictionary-based passwords, seemingly, all of a
sudden.
It's a RH 7.2 box, with lots of 7.3 enhancements on it.
I've got the following RPM's on here relevant to the situation:
pam-0.75-46.7.2
cracklib-2.7-15
cracklib-dicts-2.7-15
passwd-0.67-3
and here's what my /etc/pam.d/passwd file contains:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
here's what's in my /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
The cracklib thang *should* work, but at this point the box will
accept anything of sufficient character length - regardless of whether
it's a word.
Any ideas or hints? Heck, make fun of me.
Thank you VERY MUCH in advance for any help anyone can find the
time to offer!
--
Brett Charbeneau, Network Administrator Tel: 757-259-7750
Williamsburg Regional Library FAX: 757-259-7798
7770 Croaker Road brett at wrl.org
Williamsburg, VA 23188-7064 http://www.wrl.org
More information about the Pam-list
mailing list