12-17-2009
By default with Solaris 10 and older the password is truncated to the first eight characters before further processing. Remaining ones are simply ignored.
10 More Discussions You Might Find Interesting
1. UNIX and Linux Applications
Hi all of you..............
I am using openldap on ubuntu server . i want to apply password policy for user's to set password length , expire date , ......etc.
can anybody guide me to configure this. (1 Reply)
Discussion started by: jagnikam
1 Replies
2. Red Hat
Today i was going through some of security guides written on linux .
Under shadow file security following points were mentioned.
1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters.
2)Usernames in shadow file must satisfy to all the same rules as... (14 Replies)
Discussion started by: pinga123
14 Replies
3. Red Hat
Hi,
I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me.
I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies
4. Solaris
hi folk,
i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters.
# useradd testing
# passwd testing
New... (7 Replies)
Discussion started by: dehetoxic
7 Replies
5. Ubuntu
Hi linux expert,
i would like to create a script for listing all user with there password policy. It should be in the following format:
Last password change : Sep 19, 2011
Password expires : never
Password inactive : never
Account... (2 Replies)
Discussion started by: yprudent
2 Replies
6. Red Hat
Hi Experts,
i would like to know the description of the following:
Minimum: 0
Maximum: 90
Warning: 7
Inactive: -1
Last Change: Never
Password Expires: Never
Password Inactive: Never
Account Expires: Never
Does this means that... (2 Replies)
Discussion started by: yprudent
2 Replies
7. Solaris
Hello All,
I have Sun DSEE7 (11g) on Solaris 10.
I have run idsconfig and initialized ldap client with profile created using idsconfig.
My ldap authentication works. Here is my pam.conf
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login ... (3 Replies)
Discussion started by: pandu345
3 Replies
8. Ubuntu
Hello Team,
I am using Lubuntu & have DRBL remote boot setup with open Ldap authentication. Currently there is no password expire policy. I want to set Password Policy so that user's password will expire after a month & they will get prompt to change their password.
Using PAM we can do it,... (1 Reply)
Discussion started by: paragnehete
1 Replies
9. AIX
I need help. I have set a password policy. But I want to dis allow setting user name as password.
My policy is as below...
min length =8
min diff=2
min alpha=2
max repeats=2
dictionary= /usr/share/dict/words
Still user can set his username as password (i.e. Jackie1234).
Code tags for... (11 Replies)
Discussion started by: powerAIX
11 Replies
10. Red Hat
Hi,
I am unable to enforce password complexity policy for root user. (other users are working) on RHEL 6.2. Anything wrong with system-auth parameters? PLease help..
vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time... (1 Reply)
Discussion started by: suresh3566
1 Replies
LEARN ABOUT CENTOS
pwquality.conf
PWQUALITY.CONF(5) File Formats Manual PWQUALITY.CONF(5)
NAME
pwquality.conf - configuration for the libpwquality library
SYNOPSIS
/etc/security/pwquality.conf
DESCRIPTION
pwquality.conf provides a way to configure the default password quality requirements for the system passwords. This file is read by the
libpwquality library and utilities that use this library for checking and generating passwords.
The file has a very simple name = value format with possible comments starting with # character. The whitespace at the beginning of line,
end of line, and around the = sign is ignored.
OPTIONS
The possible options in the file are:
difok
Number of characters in the new password that must not be present in the old password. (default 5)
minlen
Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).)
Cannot be set to lower value than 6. (default 9)
dcredit
The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password.
(default 1)
ucredit
The maximum credit for having uppercase characters in the new password. If less than 0 it is the minimum number of uppercase char-
acters in the new password. (default 1)
lcredit
The maximum credit for having lowercase characters in the new password. If less than 0 it is the minimum number of lowercase char-
acters in the new password. (default 1)
ocredit
The maximum credit for having other characters in the new password. If less than 0 it is the minimum number of other characters in
the new password. (default 1)
minclass
The minimum number of required classes of characters for the new password (digits, uppercase, lowercase, others). (default 0)
maxrepeat
The maximum number of allowed same consecutive characters in the new password. The check is disabled if the value is 0. (default
0)
maxsequence
The maximum length of monotonic character sequences in the new password. Examples of such sequence are '12345' or 'fedcb'. Note
that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password. The check is
disabled if the value is 0. (default 0)
maxclassrepeat
The maximum number of allowed consecutive characters of the same class in the new password. The check is disabled if the value is
0. (default 0)
gecoscheck
If nonzero, check whether the words longer than 3 characters from the GECOS field of the user's passwd entry are contained in the
new password. The check is disabled if the value is 0. (default 0)
badwords
Space separated list of words that must not be contained in the password. These are additional words to the cracklib dictionary
check. This setting can be also used by applications to emulate the gecos check for user accounts that are not created yet.
dictpath
Path to the cracklib dictionaries. Default is to use the cracklib default.
SEE ALSO
pwscore(1), pwmake(1), pam_pwquality(8)
AUTHORS
Tomas Mraz <tmraz@redhat.com>
Red Hat, Inc. 10 Nov 2011 PWQUALITY.CONF(5)