Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Solaris and PAM Password policy
Operating Systems Solaris Solaris and PAM Password policy Post 302725951 by pandu345 on Saturday 3rd of November 2012 03:46:53 AM
Old 11-03-2012
I was successful in having user to force password reset. I had to two things
1. Update the LDAP global password policy with two flags
a)force password reset after initial logon
b)force password reset after admin resets the password.

2. Had to add the some lines in /etc/pam.conf for account section
Code:
# Used when service name is not explicitly mentioned for account management
#
other   account requisite       pam_roles.so.1
other   account binding         pam_unix_account.so.1 server_policy 
other   account required        pam_ldap.so.1 
#

We are going to have high availability and slave servers for sure.
Consider some body using a laptop when they are not connected to the network. They should be able to logon.

Thanks,
 

10 More Discussions You Might Find Interesting

1. Solaris

PAM, Solaris, Openssh and Forcing a password change

Here's the issue. Currently when I run passwd -f "username" on any account, when I try to login with said account I don't get prompted to change my password I just keep getting prompted to input a password. (Of course this works just fine with telnet)Is there something i need to add to... (7 Replies)
Discussion started by: woodson2
7 Replies

2. Solaris

Password policy problem ??

Hi Solaris's expert I need to change user password on Solaris10 2 servers. With the same password I can change it just only one. Try to check everything but not found difference?? password pattern: abcdeFgh9Jk server1 check all characters but server2 check only first 8 characters.Why??... (10 Replies)
Discussion started by: arm_naja
10 Replies

3. UNIX for Dummies Questions & Answers

Using PAM to log password changes?

Hi, on a lab computer another user (who is a sudoer) changed my password without my permission. I'm pretty positive it was her, though I can't conclusively prove it. I had my friend, who is another sudoer on the machine, fix it and make me a sudoer now too. So everything is fine, but I want... (0 Replies)
Discussion started by: declannalced
0 Replies

4. Red Hat

NIS password policy

Hi, I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me. I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies

5. Solaris

password policy for new user

hi folk, i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters. # useradd testing # passwd testing New... (7 Replies)
Discussion started by: dehetoxic
7 Replies

6. Ubuntu

User and Password Policy

Hi linux expert, i would like to create a script for listing all user with there password policy. It should be in the following format: Last password change : Sep 19, 2011 Password expires : never Password inactive : never Account... (2 Replies)
Discussion started by: yprudent
2 Replies

7. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

8. AIX

Password Policy

I need help. I have set a password policy. But I want to dis allow setting user name as password. My policy is as below... min length =8 min diff=2 min alpha=2 max repeats=2 dictionary= /usr/share/dict/words Still user can set his username as password (i.e. Jackie1234). Code tags for... (11 Replies)
Discussion started by: powerAIX
11 Replies

9. Linux

Password hardening using pam

Hi We have a requirement to vary the minimum password criteria by the group to which a user belongs. For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies

10. Red Hat

Password policy for root

Hi, I am unable to enforce password complexity policy for root user. (other users are working) on RHEL 6.2. Anything wrong with system-auth parameters? PLease help.. vi /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time... (1 Reply)
Discussion started by: suresh3566
1 Replies

LEARN ABOUT OPENSOLARIS

pam_deny

pam_deny(5)						Standards, Environments, and Macros					       pam_deny(5)

NAME

       pam_deny - PAM authentication, account, session and password management PAM module to deny operations

SYNOPSIS

       pam_deny.so.1

DESCRIPTION

       The pam_deny module implements all the PAM service module functions and returns the module type default failure return code for all calls.

       The following options are interpreted:

       debug	syslog(3C) debugging information at the LOG_AUTH|LOG_DEBUG levels

ERRORS

       The following error codes are returned:

       PAM_ACCT_EXPIRED    If pam_sm_acct_mgmt is called.

       PAM_AUTH_ERR	   If pam_sm_authenticate is called.

       PAM_AUTHOK_ERR	   If pam_sm_chauthtok is called.

       PAM_CRED_ERR	   If pam_sm_setcred is called.

       PAM_SESSION_ERR	   If pam_sm_open_session or pam_sm_close_session is called.

EXAMPLES

       Example 1 Disallowing ssh none authentication

	  sshd-none	 auth	    requisite	pam_deny.so.1
	  sshd-none	 account    requisite	pam_deny.so.1
	  sshd-none	 session    requisite	pam_deny.so.1
	  sshd-none	 password   requisite	pam_deny.so.1

       Example 2 Disallowing any service not explicitly defined

	  other 	 auth	    requisite	pam_deny.so.1
	  other 	 account    requisite	pam_deny.so.1
	  other 	 session    requisite	pam_deny.so.1
	  other 	 password   requisite	pam_deny.so.1

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

SEE ALSO

       su(1M), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), syslog(3C), pam.conf(4), nsswitch.conf(4), attributes(5), pam_authtok_check(5),
       pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),  pam_unix_account(5),  pam_unix_auth(5),  pam_unix_session(5),
       privileges(5)

NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

       The  pam_deny  module  is intended to deny access to a specified service. The other service name may be used to deny access to services not
       explicitly specified.

SunOS 5.11							    16 Jun 2005 						       pam_deny(5)
All times are GMT -4. The time now is 04:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy