NIS password policy

 
# 1  
Old 10-20-2010
NIS password policy

Hi,

I am running an NIS server on Red Hat Linux 5 and I want to implement password restrictions for yppasswd. How can I do it? Please help me.

I can implement password restrictions for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so, but I don't know how to implement the same for NIS.
# 2  
Old 10-21-2010
** If you have /lib/security/pam_pwdb.so,
append the lines below to your /etc/pwdb.conf on the client
Code:
user:
    unix+shadow
    nis+unix+shadow
group:
    unix+shadow
    nis+unix+shadow

Change /etc/nsswitch.conf as below
Code:
passwd:     files nis
shadow:     files nis
group:      files nis

Append the lines below to /etc/pam.d/passwd
Code:
auth  required  /lib/security/pam_pwdb.so shadow  
account  required  /lib/security/pam_pwdb.so  
password  required  /lib/security/pam_cracklib.so retry=3  
password  required  /lib/security/pam_pwdb.so use_authtok md5 shadow


** If you do not have pam_pwdb.so, then append the lines below to /etc/pam.d/passwd
Code:
password required pam_unix.so obscure min=8 max=15 md5 nis
password required pam_cracklib.so retry=3 minlen=12 dcredit=2 ucredit=2 lcredit=1 difok=3
password sufficient pam_unix.so obscure min=4 max=8 md5 nis use_authtok
password required pam_unix.so obscure min=4 max=8 md5 use_first_pass

** If you don't succeed with these methods, then you can try this module for NIS:
PAM NIS authorisation module

Good luck
regards ygemici

Last edited by ygemici; 10-21-2010 at 12:19 PM..
# 3  
Old 10-21-2010
Hi,

Thanks for the response. I tried both options but no luck. After editing the PAM files, do I need to start any services?
If I go for the third option, what do I need to do after installing?

Thanks,
trimurtulu
# 4  
Old 10-21-2010
Normally you don't need a service restart; maybe you can restart or reboot the service then, if it is idle.

For the third option, I think this module is only for the NIS service, to enable/disable users by a specific file or enable/disable specific NIS maps for users,
so probably you cannot use it for password policy.

For this you must use pam_cracklib.so.

Add these to the "system-auth" file
Code:
password sufficient pam_unix.so obscure min=4 max=8 md5 shadow nis use_authtok
password required pam_unix.so obscure min=8 max=15 md5 nis
password required pam_cracklib.so retry=3 minlen=12 dcredit=2 ucredit=2 lcredit=1 difok=3
password required pam_deny.so
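
A check for the rule ordering these stacks depend on, as an added example that is not part of any post above: `use_authtok` makes pam_unix.so take the new password from a module stacked before it, and a `sufficient` rule that succeeds ends the stack, so the linter below reports a `use_authtok` rule with no quality module ahead of it, a quality module placed after a `sufficient` rule, and a stack with no `nis` option. The function names and both sample stacks are constructed for illustration.

```python
# Added example: lint the "password" stack of a PAM service file.
QUALITY_MODULES = {"pam_cracklib.so", "pam_passwdqc.so"}

def parse_password_stack(text):
    """Return [(control, module, options)] for each 'password' rule."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) >= 3 and fields[0] == "password":
            module = fields[2].rsplit("/", 1)[-1]  # accept /lib/security/... paths
            rules.append((fields[1], module, fields[3:]))
    return rules

def lint(text):
    """Return [(rule_number, message)]; rule_number 0 is a stack-wide finding."""
    findings = []
    quality_seen = False   # a quality module has already run
    sufficient_at = None   # first 'sufficient' rule; on success the stack stops there
    nis_seen = False
    for n, (control, module, opts) in enumerate(parse_password_stack(text), 1):
        if module in QUALITY_MODULES:
            quality_seen = True
            if sufficient_at is not None:
                findings.append((n, f"{module} comes after 'sufficient' rule {sufficient_at}"))
        if module == "pam_unix.so":
            nis_seen = nis_seen or "nis" in opts
            if "use_authtok" in opts and not quality_seen:
                findings.append((n, "use_authtok but no quality module stacked before it"))
        if control == "sufficient" and sufficient_at is None:
            sufficient_at = n
    if not nis_seen:
        findings.append((0, "no pam_unix.so rule carries the nis option"))
    return findings

# Constructed sample stacks (not copied from a real system).
UNIX_FIRST = """\
password sufficient pam_unix.so md5 shadow nis use_authtok
password required pam_unix.so md5 nis
password required pam_cracklib.so retry=3 minlen=12 dcredit=2 ucredit=2 lcredit=1 difok=3
password required pam_deny.so
"""
CRACKLIB_FIRST = """\
password requisite pam_cracklib.so retry=3 minlen=12 dcredit=2 ucredit=2 lcredit=1 difok=3
password sufficient pam_unix.so md5 shadow nis use_authtok
password required pam_deny.so
"""

if __name__ == "__main__":
    for name, stack in (("unix-first", UNIX_FIRST), ("cracklib-first", CRACKLIB_FIRST)):
        print(name, lint(stack) or "no findings")
```
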
