Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Password policy problem ??
Operating Systems Solaris Password policy problem ?? Post 302380990 by arm_naja on Wednesday 16th of December 2009 09:45:02 PM
Old 12-16-2009
Password policy problem ??
Hi Solaris's expert

I need to change user password on Solaris10 2 servers.
With the same password I can change it just only one.
Try to check everything but not found difference??

password pattern: abcdeFgh9Jk

server1 check all characters but server2 check only first 8 characters.Why??
I think solaris just check only first 8 char.

error msg on server2 ->> passwd: The first 8 characters of the password must contain at least 1 numeric or special character(s).
Anyone have any idea for this case?

File: /etc/default/passwd

Server0101 *** Change password success

MINALPHA=2
#MINDIFF=5
MINNONALPHA=1
#MINUPPER=0
#MINLOWER=2
#MAXREPEATS=2
WHITESPACE=YES
NAMECHECK=YES
DICTIONDBDIR=/var/passwd
DICTIONLIST=/usr/share/lib/dict/words
MINWEEKS=1
MAXWEEKS=9
WARNWEEKS=1
PASSLENGTH=8
=============

Server02 **** Cannot change password
HISTORY=3
MINALPHA=2
#MINDIFF=5
MINNONALPHA=1
#MINUPPER=0
#MINLOWER=2
#MAXREPEATS=2
WHITESPACE=YES
NAMECHECK=YES
DICTIONDBDIR=/var/passwd
DICTIONLIST=/usr/share/lib/dict/words
MINWEEKS=1
MAXWEEKS=9
WARNWEEKS=1
PASSLENGTH=8
====================

Thank you,Smilie
 

10 More Discussions You Might Find Interesting

1. UNIX and Linux Applications

Need openLDAP + Password policy guide

Hi all of you.............. I am using openldap on ubuntu server . i want to apply password policy for user's to set password length , expire date , ......etc. can anybody guide me to configure this. (1 Reply)
Discussion started by: jagnikam
1 Replies

2. Red Hat

Shadow file password policy

Today i was going through some of security guides written on linux . Under shadow file security following points were mentioned. 1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters. 2)Usernames in shadow file must satisfy to all the same rules as... (14 Replies)
Discussion started by: pinga123
14 Replies

3. Red Hat

NIS password policy

Hi, I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me. I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies

4. Solaris

password policy for new user

hi folk, i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters. # useradd testing # passwd testing New... (7 Replies)
Discussion started by: dehetoxic
7 Replies

5. Ubuntu

User and Password Policy

Hi linux expert, i would like to create a script for listing all user with there password policy. It should be in the following format: Last password change : Sep 19, 2011 Password expires : never Password inactive : never Account... (2 Replies)
Discussion started by: yprudent
2 Replies

6. Red Hat

Password Policy description

Hi Experts, i would like to know the description of the following: Minimum: 0 Maximum: 90 Warning: 7 Inactive: -1 Last Change: Never Password Expires: Never Password Inactive: Never Account Expires: Never Does this means that... (2 Replies)
Discussion started by: yprudent
2 Replies

7. Solaris

Solaris and PAM Password policy

Hello All, I have Sun DSEE7 (11g) on Solaris 10. I have run idsconfig and initialized ldap client with profile created using idsconfig. My ldap authentication works. Here is my pam.conf # Authentication management # # login service (explicit because of pam_dial_auth) # login ... (3 Replies)
Discussion started by: pandu345
3 Replies

8. Ubuntu

Password Expiration Policy

Hello Team, I am using Lubuntu & have DRBL remote boot setup with open Ldap authentication. Currently there is no password expire policy. I want to set Password Policy so that user's password will expire after a month & they will get prompt to change their password. Using PAM we can do it,... (1 Reply)
Discussion started by: paragnehete
1 Replies

9. AIX

Password Policy

I need help. I have set a password policy. But I want to dis allow setting user name as password. My policy is as below... min length =8 min diff=2 min alpha=2 max repeats=2 dictionary= /usr/share/dict/words Still user can set his username as password (i.e. Jackie1234). Code tags for... (11 Replies)
Discussion started by: powerAIX
11 Replies

10. Red Hat

Password policy for root

Hi, I am unable to enforce password complexity policy for root user. (other users are working) on RHEL 6.2. Anything wrong with system-auth parameters? PLease help.. vi /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time... (1 Reply)
Discussion started by: suresh3566
1 Replies

LEARN ABOUT PLAN9

pam_authtok_check

pam_authtok_check(5)					Standards, Environments, and Macros				      pam_authtok_check(5)

NAME

       pam_authtok_check - authentication and password management module

SYNOPSIS

       pam_authtok_check.so.1

DESCRIPTION

       pam_authtok_check  provides  functionality  to the Password Management stack. The implementation of pam_sm_chauthtok() performs a number of
       checks on the construction of the newly entered password. pam_sm_chauthtok() is invoked twice by the PAM framework, once with flags set	to
       PAM_PRELIM_CHECK,  and  once  with  flags set to PAM_UPDATE_AUTHTOK. This module only performs its checks during the first invocation. This
       module expects the current authentication token in the PAM_OLDAUTHTOK item, the new (to be checked) password in the PAM_AUTHTOK	item,  and
       the login name in the PAM_USER item. The checks performed by this module are:

       length	       The password length should not be less that the minimum specified in /etc/default/passwd.

       circular shift  The password should not be a circular shift of the login name. This check may be disabled in /etc/default/passwd.

       complexity      The  password  should  contain at least the minimum number of characters described by the parameters MINALPHA, MINNONALPHA,
		       MINDIGIT, and MINSPECIAL. Note that MINNONALPHA describes the same character classes as MINDIGIT and  MINSPECIAL  combined;
		       therefore  the  user  cannot  specify  both MINNONALPHA and MINSPECIAL (or MINDIGIT). The user must choose which of the two
		       options to use. Furthermore, the WHITESPACE parameter determines whether whitespace characters are allowed. If  unspecified
		       MINALPHA is 2, MINNONALPHA is 1 and WHITESPACE is yes

       variation       The  old  and new passwords must differ by at least the MINDIFF value specified in /etc/default/passwd. If unspecified, the
		       default is 3. For accounts in name services which support password history checking, if prior history is defined,  the  new
		       password must not match the prior passwords.

       dictionary checkThe  password  must not be based on a dictionary word. The list of words to be used for the site's dictionary can be speci-
		       fied with DICTIONLIST. It should contain a comma-separated list of filenames, one word per line. The database that is  cre-
		       ated  from  these  files  is  stored in the directory named by DICTIONDBDIR (defaults to /var/passwd). See mkpwdict(1M) for
		       information on pre-generating the database. If neither DICTIONLIST nor DICTIONDBDIR is specified, no  dictionary  check	is
		       made.

       upper/lower caseThe password must contain at least the minimum of upper- and lower-case letters specified by the MINUPPER and MINLOWER val-
		       ues in /etc/default/passwd. If unspecified, the defaults are 0.

       maximum repeats The password must not  contain  more  consecutively  repeating  characters  than  specified  by	the  MAXREPEATS  value	in
		       /etc/default/passwd. If unspecified, no repeat character check is made.

       The following option may be passed to the module:

       debug	       syslog(3C) debugging information at the LOG_DEBUG level

RETURN VALUES

       If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is returned. If any of the tests fail, PAM_AUTHTOK_ERR is returned.

FILES

       /etc/default/passwd     See passwd(1) for a description of the contents.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

SEE ALSO

       passwd(1),  pam(3PAM),  mkpwdict(1M),  pam_chauthtok(3PAM),  syslog(3C),  libpam(3LIB),	pam.conf(4),  passwd(4), shadow(4), attributes(5),
       pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)

NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

       The pam_unix(5) module is no longer supported. Similar functionality is provided  by  pam_authtok_check(5),  pam_authtok_get(5),  pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    4 Jun 2004						      pam_authtok_check(5)
All times are GMT -4. The time now is 04:34 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy