I was successful in having user to force password reset. I had to two things
1. Update the LDAP global password policy with two flags
a)force password reset after initial logon
b)force password reset after admin resets the password.
2. Had to add the some lines in /etc/pam.conf for account section
We are going to have high availability and slave servers for sure.
Consider some body using a laptop when they are not connected to the network. They should be able to logon.
Here's the issue. Currently when I run passwd -f "username" on any account, when I try to login with said account I don't get prompted to change my password I just keep getting prompted to input a password. (Of course this works just fine with telnet)Is there something i need to add to... (7 Replies)
Hi Solaris's expert
I need to change user password on Solaris10 2 servers.
With the same password I can change it just only one.
Try to check everything but not found difference??
password pattern: abcdeFgh9Jk
server1 check all characters but server2 check only first 8 characters.Why??... (10 Replies)
Hi, on a lab computer another user (who is a sudoer) changed my password without my permission. I'm pretty positive it was her, though I can't conclusively prove it. I had my friend, who is another sudoer on the machine, fix it and make me a sudoer now too.
So everything is fine, but I want... (0 Replies)
Hi,
I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me.
I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
hi folk,
i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters.
# useradd testing
# passwd testing
New... (7 Replies)
Hi linux expert,
i would like to create a script for listing all user with there password policy. It should be in the following format:
Last password change : Sep 19, 2011
Password expires : never
Password inactive : never
Account... (2 Replies)
Hi,
I use a software which can create account on many system or application.
One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3.
This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
I need help. I have set a password policy. But I want to dis allow setting user name as password.
My policy is as below...
min length =8
min diff=2
min alpha=2
max repeats=2
dictionary= /usr/share/dict/words
Still user can set his username as password (i.e. Jackie1234).
Code tags for... (11 Replies)
Hi
We have a requirement to vary the minimum password criteria by the group to which a user belongs.
For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Hi,
I am unable to enforce password complexity policy for root user. (other users are working) on RHEL 6.2. Anything wrong with system-auth parameters? PLease help..
vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time... (1 Reply)
Discussion started by: suresh3566
1 Replies
LEARN ABOUT OPENSOLARIS
pam_deny
pam_deny(5) Standards, Environments, and Macros pam_deny(5)NAME
pam_deny - PAM authentication, account, session and password management PAM module to deny operations
SYNOPSIS
pam_deny.so.1
DESCRIPTION
The pam_deny module implements all the PAM service module functions and returns the module type default failure return code for all calls.
The following options are interpreted:
debug syslog(3C) debugging information at the LOG_AUTH|LOG_DEBUG levels
ERRORS
The following error codes are returned:
PAM_ACCT_EXPIRED If pam_sm_acct_mgmt is called.
PAM_AUTH_ERR If pam_sm_authenticate is called.
PAM_AUTHOK_ERR If pam_sm_chauthtok is called.
PAM_CRED_ERR If pam_sm_setcred is called.
PAM_SESSION_ERR If pam_sm_open_session or pam_sm_close_session is called.
EXAMPLES
Example 1 Disallowing ssh none authentication
sshd-none auth requisite pam_deny.so.1
sshd-none account requisite pam_deny.so.1
sshd-none session requisite pam_deny.so.1
sshd-none password requisite pam_deny.so.1
Example 2 Disallowing any service not explicitly defined
other auth requisite pam_deny.so.1
other account requisite pam_deny.so.1
other session requisite pam_deny.so.1
other password requisite pam_deny.so.1
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
SEE ALSO su(1M), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), syslog(3C), pam.conf(4), nsswitch.conf(4), attributes(5), pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5),
privileges(5)NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_deny module is intended to deny access to a specified service. The other service name may be used to deny access to services not
explicitly specified.
SunOS 5.11 16 Jun 2005 pam_deny(5)