Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

Linux PAM:passwd: how many character validate

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Linux PAM:passwd: how many character validate
# 1  
Old 10-20-2008
Linux PAM:passwd: how many character validate
Helo I m using PAM module on linux system

I have one strange problem.
I have create user and assigned group using my own function.

I m giving more than 8 character password.
Now when I enter upto 8 character then also it will accept.
In short It validate only first 8 character. can U tell me how do I change this setting.

My /etc/pam.d/passwd entry are given bewlo:

#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

/etc/pam.d/system-auth file contains following:


#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so


what to to

Amit
# 2  
Old 10-20-2008
Change the pam_cracklib.so line to have a large value for "minlen" This means all passwords will have to be this minimum length, which should be a caution for you.

see:
pam_cracklib(8) - Linux man page
# 3  
Old 10-20-2008
Quote:
Originally Posted by jim mcnamara
Change the pam_cracklib.so line to have a large value for "minlen" This means all passwords will have to be this minimum length, which should be a caution for you.

see:
pam_cracklib(8) - Linux man page
Helo Jim thx for replying me.

I m new in PAM stuff. I read man page but still confused.
can You tell me how do I change that line pam_cracklib.so so that I have a large value of minlen?

Regards,
Amit
# 4  
Old 10-20-2008
Quote:
Another example (in the /etc/pam.d/passwd format) is for the case that you want to use md5 password encryption:
#%PAM-1.0
#
# These lines allow a md5 systems to support passwords of at least 14
# bytes with extra credit of 2 for digits and 2 for others the new
# password must have at least three bytes that are not present in the
# old password
#
password required pam_cracklib.so \
difok=3 minlen=15 dcredit= 2 ocredit=2
password required pam_unix.so use_authtok nullok md5
from the link I just gave you.... note the red text
# 5  
Old 10-20-2008
Quote:
Originally Posted by jim mcnamara
from the link I just gave you.... note the red text
Helo Jim thx again for replying me quickly.

I have one more dought again

My problem is that suppose create a user and give a 12 character password . It will accept this password.

But when I logg off and again login and now I give first 8 character then only It will accept password. So it menas it validates only first 8 character.

One more my /etc/pam.d/passwd file contains following

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=12
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so


Now tell me where do i make change in passwd (/etc/pam.d/passwd)
or system-auth (/etc/pam.d/system-auth )

Once again thx for your support.

Regards,
Amit

#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth


there is no entry like cracklib

any way my /etc/pam.d/system-auth file contains following
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Pam.d and make difference between AD User and local user on Linux

Hello, i configured rhel linux 6 with AD directory to authorize windows users to connect on the system and it works. i have accounts with high privileges (oracle for example) if an account is created on the AD server i would to block him. I looked for how to do, for the moment all the... (3 Replies)
Discussion started by: vincenzo
3 Replies

2. Red Hat

Linux PAM.d for restricting repeated use of same passwords

Dear All , I have configured password history in the Linux Server. Below is the PAM.d system-auth configuration file. #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth required ... (1 Reply)
Discussion started by: jegaraman
1 Replies

3. UNIX for Advanced & Expert Users

Passwd file define user with special character

Hi all , The FTP user defind in my passwd file has ! in the hash password field and i want to know way is that its usually either MD5(Unix) hash or * can anyone explain to me i'm new for unix and want to learn this how my passwd file looks : ... (2 Replies)
Discussion started by: dahash11
2 Replies

4. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

5. UNIX for Dummies Questions & Answers

passwd -S on linux- what are the fields?

I'm looking for some documentation on what the different fields mean in the output of passwd -S username: passwd -S foo foo PS 2012-03-20 0 70 3 -1 (Password set, MD5 crypt.) I think the date given is the date of the last password change, the 0 after that is the minimum password age, and... (2 Replies)
Discussion started by: Anne Neville
2 Replies

6. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

7. Linux

ssh and passwd scripting execution problems on linux

I'm having a problem here and I was wondering if anyone could help me? I'm putting together a password script. First off, I don't have root access. I have sudo access. Lets say the User ID is Trevor1, the password is H!rry23! and the server name is Linux1234 This is how the script begins ... (5 Replies)
Discussion started by: wdog17
5 Replies

8. Shell Programming and Scripting

Script for updating the comments field on /etc/passwd on redhat linux

Hi there, I have more that 300 servers that I need to updated the comments field on /etc/passwd for users that have a blank comments fields. The users have accounts on different servers. I have created a list of these users on a text file called update_passwd.txt. I need a script that will... (6 Replies)
Discussion started by: Linux Duke
6 Replies
Login or Register to Ask a Question