pam_cracklib password length problem
Scott Gentry
sgentry6 at gmail.com
Thu Apr 26 12:42:15 UTC 2007
Are you attempting to change the password as root? If so cracklib doesn't
check length or any of the other parameters in that line from what I
recall. If you need passwords by root to be verified I suggest that you
check out the Openwall project. Specifically the passwdqc module that they
provide:
http://www.openwall.com/passwdqc/
It allows for much more stringent rules to be followed.
On 4/26/07, k03fra-pam at yahoo.de <k03fra-pam at yahoo.de> wrote:
>
> I have been attempting enable pam_cracklib to check the minimum password
> length.
> Therefore I've added minlen=10 to the cracklib line of the password
> section of /etc/pam.d/system-auth of a asterisk at home/CentOS3 installation.
> All other lines are unchanged.
>
> #%PAM-1.0
> #This file ......
> ...
> password required /lib/security/$ISA/pam_cracklib.so retry=3
> minlen=10
> password sufficient /lib/security/$ISA/pam_unix.so nullok
> use_authtok md5 shadow
> password required /lib/security/$ISA/pam_deny.so
>
> Still passwords with a minimum of 6 characters are accepted. If I change
> retry to 5, 5 retries are possible. This tell me I must be editing the
> correct file.
> I'm sure something is missing but after searching the web I still can't
> figure out what it is.
>
> ------------------------------
> Heute schon einen Blick in die Zukunft von E-Mails wagen? Versuchen Sie´s
> mit dem neuen Yahoo! Mail<http://de.rd.yahoo.com/evt=40593/*http://de.docs.yahoo.com/ymail/landing.html>.
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20070426/7ff0458d/attachment.htm>
More information about the Pam-list
mailing list