We have a requirement to vary the minimum password criteria by the group to which a user belongs.
For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14 etc.
It would seem that the pam_cracklib.so line is the one to use but the exact method seems to be unclear.
We actually have three requirements normal user, admin, service user.
I think the below lines show the area of pam that requires changing. If anyone has tried this any information or help would be gratefully received.
A google search does show up some hints but none for RHEL6 which is what we are using.
So I've just done my first install of Solaris. I installed it on an x86 system and am now in the processing of figuring out what I need to do to 'harden' it. I've got the Security kit downloaded (jass) but I am not sure what to do with the .tar file.
I can't seem to find any easy steps to... (6 Replies)
What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Here's the issue. Currently when I run passwd -f "username" on any account, when I try to login with said account I don't get prompted to change my password I just keep getting prompted to input a password. (Of course this works just fine with telnet)Is there something i need to add to... (7 Replies)
Pam Module sending a cannot get password enry after certain period in /var/adm/message.
pam_login_limit(auth): Cannot get Password entry for user 'dbsnmp'
What is dbsnmp? Also if account is locked does pam module checks for this locked account at regular interval and keeps on posting... (2 Replies)
Hi, on a lab computer another user (who is a sudoer) changed my password without my permission. I'm pretty positive it was her, though I can't conclusively prove it. I had my friend, who is another sudoer on the machine, fix it and make me a sudoer now too.
So everything is fine, but I want... (0 Replies)
I am dealing with an FTP server and I have implemented password hardening on the server. The thing is that, it applies to SSH connection.
I forcefully expired password of a user so that he can change password at next login. But the user logged in to the server through FTP and he wasn't asked to... (4 Replies)
We've got a FTP server that's open to the public network and its running on Suse SUSE Linux Enterprise Server 11 (x86_64) SP2
Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside?
I am thinking of disabling the firewall and... (3 Replies)
Hello All,
I have Sun DSEE7 (11g) on Solaris 10.
I have run idsconfig and initialized ldap client with profile created using idsconfig.
My ldap authentication works. Here is my pam.conf
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login ... (3 Replies)
Hi,
I use a software which can create account on many system or application.
One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3.
This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Does anyone have any experience hardening the c-icap.conf file? Here is the default config file, it has a lot of options; sorry about how long it is. I have removed some entries that were not needed as well, but it is still so long :D. Any help is much appreciated as I have never dealt with ICAP.
... (0 Replies)
Discussion started by: savigabi
0 Replies
LEARN ABOUT SUSE
unix2_chkpwd
UNIX2_CHKPWD(8) Linux-PAM Manual UNIX2_CHKPWD(8)NAME
unix2_chkpwd - helper binary that verifies the password of the current user
SYNOPSIS
/sbin/unix2_chkpwd servicename username
DESCRIPTION
unix2_chkpwd is a helper program for applications that verifies the password of the current user. It is not intended to be run directly
from the command line and logs a security violation if done so.
It is typically installed setuid root or setgid shadow and called by applications, which only wishes to do an user authentification and
nothing more.
OPTIONS
unix2_pwdchk requires the following arguments:
pam_service
The name of the service using unix2_chkpwd. This is required to be one of the services in /etc/pam.d
username
The name of the user whose password you want to verify.
INPUTS
unix2_pwdchk expects the password via stdin.
RETURN CODES
unix2_chkpwd has the following return codes:
1 unix2_chkpwd was inappropriately called from the command line or the password is incorrect.
0 The password is correct.
HISTORY
Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan
SEE ALSO pam(8)AUTHOR
Emily Ratliff.
Linux-PAM 0.76 2003-03-21 UNIX2_CHKPWD(8)