password security
Ethan Benson
erbenson at alaska.net
Thu Mar 4 09:22:54 UTC 2004
On Thu, Mar 04, 2004 at 08:49:57AM +0800, Liew Toh Seng wrote:
> how to do that.
deleting the dictionaries is not the right way to accomplish what you
want. what you want to do is disable the strength checking module for
the passwd service.

edit /etc/pam.d/passwd

you will find a line referring to pam_cracklib.so most likely, this is
what is forcing users to not use foolish, guessable, insecure, unsafe
passwords, remove this line to allow users to be stupid.

also if pam_unix.so has the `obscure' argument remove that as well.

result would look something like this:

#%PAM-1.0
# The PAM configuration file for the Shadow `passwd' service
password required pam_unix.so nullok md5

do be aware that allowing users to pick stupid passwords will all but
guarantee intruder access to your systems by way of guessed passwords,
if you're in a non-networked environment this may not be an issue however.
--
Ethan Benson
http://www.alaska.net/~erbenson/
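
A check for the change described in the message above, as an added example that is not part of the original post: it parses the text of a pam.d service file and reports whether the password stack still contains pam_cracklib.so or pam_unix.so with the `obscure' argument. The function names and the second sample configuration are constructed for illustration.

```python
import re

# Modules/options the message names as enforcing password strength.
STRENGTH_MODULES = {"pam_cracklib.so"}
RULE = re.compile(r"-?(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_pam(text):
    """Yield (type, control, module, args) for each rule in a pam.d file."""
    text = text.replace("\\\n", " ")            # join backslash-continued lines
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()     # strip comments, incl. "#%PAM-1.0"
        if len(parts) == 2 and parts[0] == "@include":   # Debian-style include
            yield "@include", "", parts[1], []
            continue
        m = RULE.match(" ".join(parts))
        if m:
            mtype, control, module, args = m.groups()
            yield mtype.lower(), control, module.rsplit("/", 1)[-1], args.split()

def audit_password_stack(text):
    """Report whether the 'password' stack still applies a strength check."""
    via, includes = [], []
    for mtype, control, module, args in parse_pam(text):
        if mtype == "@include" or (mtype == "password" and control in ("include", "substack")):
            includes.append(module)              # rules live in another file
        elif mtype != "password":
            continue
        elif module in STRENGTH_MODULES:
            via.append(module)
        elif module == "pam_unix.so" and "obscure" in args:
            via.append("pam_unix.so obscure")
    return {"strength_checked": bool(via), "via": via, "unresolved_includes": includes}

# The configuration shown in the message (strength checking removed).
WEAKENED = """#%PAM-1.0
# The PAM configuration file for the Shadow `passwd' service
password required pam_unix.so nullok md5
"""
# Constructed sample with the cracklib line still in place.
CHECKED = """#%PAM-1.0
password required /lib/security/pam_cracklib.so retry=3 minlen=8
password required pam_unix.so use_authtok nullok md5
"""

if __name__ == "__main__":
    for name, cfg in (("weakened", WEAKENED), ("checked", CHECKED)):
        print(name, audit_password_stack(cfg))
```

Entries under unresolved_includes name other files whose password rules must be audited the same way before concluding that no strength check applies.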