05-05-2012
Where did you get the output from? Can you post chage -l userid output for the user account? If maximum age of a password is set to 90 days, then the password surely expires at the end of the 90th day. As simple as that.
10 More Discussions You Might Find Interesting
1. UNIX and Linux Applications
Hi all of you..............
I am using openldap on ubuntu server . i want to apply password policy for user's to set password length , expire date , ......etc.
can anybody guide me to configure this. (1 Reply)
Discussion started by: jagnikam
1 Replies
2. Solaris
Hi Solaris's expert
I need to change user password on Solaris10 2 servers.
With the same password I can change it just only one.
Try to check everything but not found difference??
password pattern: abcdeFgh9Jk
server1 check all characters but server2 check only first 8 characters.Why??... (10 Replies)
Discussion started by: arm_naja
10 Replies
3. Red Hat
Today i was going through some of security guides written on linux .
Under shadow file security following points were mentioned.
1)The encrypted password stored under /etc/shadow file should have more than 14-25 characters.
2)Usernames in shadow file must satisfy to all the same rules as... (14 Replies)
Discussion started by: pinga123
14 Replies
4. Red Hat
Hi,
I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me.
I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies
5. Solaris
hi folk,
i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters.
# useradd testing
# passwd testing
New... (7 Replies)
Discussion started by: dehetoxic
7 Replies
6. Ubuntu
Hi linux expert,
i would like to create a script for listing all user with there password policy. It should be in the following format:
Last password change : Sep 19, 2011
Password expires : never
Password inactive : never
Account... (2 Replies)
Discussion started by: yprudent
2 Replies
7. Solaris
Hello All,
I have Sun DSEE7 (11g) on Solaris 10.
I have run idsconfig and initialized ldap client with profile created using idsconfig.
My ldap authentication works. Here is my pam.conf
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login ... (3 Replies)
Discussion started by: pandu345
3 Replies
8. Ubuntu
Hello Team,
I am using Lubuntu & have DRBL remote boot setup with open Ldap authentication. Currently there is no password expire policy. I want to set Password Policy so that user's password will expire after a month & they will get prompt to change their password.
Using PAM we can do it,... (1 Reply)
Discussion started by: paragnehete
1 Replies
9. AIX
I need help. I have set a password policy. But I want to dis allow setting user name as password.
My policy is as below...
min length =8
min diff=2
min alpha=2
max repeats=2
dictionary= /usr/share/dict/words
Still user can set his username as password (i.e. Jackie1234).
Code tags for... (11 Replies)
Discussion started by: powerAIX
11 Replies
10. Red Hat
Hi,
I am unable to enforce password complexity policy for root user. (other users are working) on RHEL 6.2. Anything wrong with system-auth parameters? PLease help..
vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time... (1 Reply)
Discussion started by: suresh3566
1 Replies
LEARN ABOUT DEBIAN
rlm_mschap
rlm_mschap(5) FreeRADIUS Module rlm_mschap(5)
NAME
rlm_mschap - FreeRADIUS Module
DESCRIPTION
The rlm_mschap module provides MS-CHAP and MS-CHAPv2 authentication support.
This module validates a user with MS-CHAP or MS-CHAPv2 authentication. If called in Authorize, it will look for MS-CHAP Challenge/Response
attributes in the Acess-Request and adds an Auth-Type attribute set to MS-CHAP in the Config-Items list unless Auth-Type has already set.
The module can authenticate the MS-CHAP session via plain-text passwords (User-Password attribute), or NT passwords (NT-Password
attribute). The module cannot perform authentication against an NT domain.
The module also enforces the SMB-Account-Ctrl attribute. See the Samba documentation for the meaning of SMB account control. The module
does not read Samba password files. Instead, the fIrlm_passwd module can be used to read a Samba password file, and supply an NT-Password
attribute which this module can use.
The main configuration items to be aware of are:
authtype
This is the string used to set the authtype. Normally it should be left to the default value of MS-CHAP.
use_mppe
Unless this is set to 'no', FreeRADIUS will add MS-CHAP-MPPE-Keys for MS-CHAPv1 and MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2.
The default is 'yes'.
require_encryption
If MPPE is enabled, setting this attribute to 'yes' will cause the MS-MPPE-Encryption-Policy attribute to be set to require encryp-
tion. The default is 'no'.
require_strong
If MPPE is enabled, setting this attribute to 'yes' will cause the MS-MPPE-Encryption-Types attribute to be set to require a 128 bit
key. The default is 'no'.
with_ntdomain_hack
Windows clients send User-Name in the form of "DOMAINUser", but send the challenge/response based only on the User portion. Set-
ting this value to yes, enables a work-around for this error. The default is 'no'.
CONFIGURATION
modules {
...
mschap {
authtype = MS-CHAP
use_mppe = yes
}
...
}
...
authorize {
...
mschap
...
}
...
authenticate {
...
mschap
...
}
SECTIONS
authorization, authentication
FILES
/etc/raddb/radiusd.conf
SEE ALSO
radiusd(8), radiusd.conf(5)
AUTHOR
Chris Parker, cparker@segv.org
13 March 2004 rlm_mschap(5)