How to implement password policies?


 
# 1  
Old 11-25-2010
How to implement password policies?

How would I ensure that whenever any user changes the password, it meets the following?
  1. It should be more than 7 characters.
  2. At least one upper case character, digit and special character present.
  3. Password is not the same as the username or a dictionary word.
  4. User should get an email after changing his password (I have already set up a mail account and tested the setup).
Code:
Distribution Detail
# lsb_release -a
LSB Version:    :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: EnterpriseEnterpriseServer
Description:    Enterprise Linux Enterprise Linux Server release 5.2 (Carthage)
Release:        5.2
Codename:       Carthage
# uname -a
Linux OFSMUW-VMGR-51 2.6.18-92.el5PAE #1 SMP Fri May 23 22:26:05 EDT 2008 i686 i686 i386 GNU/Linux


Last edited by rbatte1; 11-28-2016 at 11:32 AM..
# 2  
Old 11-25-2010
# 3  
Old 11-25-2010
Here is what I have done according to the link.
I opened the file, made the following changes and restarted the system.
Tried to change the password of the root user with a minimum of 5 characters.
To my surprise I was able to change the password.
How did this happen? Do I need to run any command to force PAM authentication?
Content from /etc/pam.d/system-auth (the one I have changed is highlighted in bold).

Quote:
# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
password requisite /lib/security/pam_cracklib.so retry=3 minlen=12 lcredit=1 ucredit=1 dcredit=1 ocredit=0
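
Added example, not part of the thread: a small Python audit of the `password` lines quoted above, showing that the appended `pam_cracklib.so` rule sits after the `sufficient` `pam_unix.so` rule and that positive `*credit` values grant length credit instead of requiring a character class. `audit_cracklib`, `POSTED` and `MERGED` are hypothetical names, `MERGED` is an assumed rewrite, and the defaults are those documented in the pam_cracklib man page.

```python
import re

# Constructed input: the "password" lines of the posted system-auth, in order.
POSTED = """\
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
password requisite /lib/security/pam_cracklib.so retry=3 minlen=12 lcredit=1 ucredit=1 dcredit=1 ocredit=0
"""
# Assumed rewrite, not from the thread: options merged into the first rule.
MERGED = """\
password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=0 ucredit=-1 dcredit=-1 ocredit=-1
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
"""
RULE = re.compile(r"^\s*password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
# Defaults documented in the pam_cracklib man page.
DEFAULTS = {"minlen": 9, "lcredit": 1, "ucredit": 1, "dcredit": 1, "ocredit": 1}
CLASSES = {"ucredit": "upper", "dcredit": "digit", "ocredit": "special"}

def audit_cracklib(stack_text):
    """Describe what each pam_cracklib rule in a password stack really enforces."""
    report, sufficient_at = [], None
    for line_no, raw in enumerate(stack_text.splitlines(), 1):
        m = RULE.match(raw)
        if not m:
            continue  # comments, blanks and the other stacks never match
        control, module, args = m.group(1), m.group(2).rsplit("/", 1)[-1], m.group(3)
        if module == "pam_cracklib.so":
            opts = dict(DEFAULTS)
            for key, val in re.findall(r"(\w+)=(-?\d+)", args):
                if key in opts:
                    opts[key] = int(val)
            credits = [opts[k] for k in DEFAULTS if k != "minlen"]
            report.append({
                "line": line_no,
                # Line of an earlier 'sufficient' rule: when that rule succeeds,
                # the stack returns before this check is reached.
                "shadowed_by": sufficient_at,
                # Positive credits are subtracted from minlen, lowering the floor.
                "length_floor": opts["minlen"] - sum(c for c in credits if c > 0),
                # Only a negative credit makes a character class mandatory.
                "not_required": [n for k, n in CLASSES.items() if opts[k] >= 0],
            })
        elif control == "sufficient" and sufficient_at is None:
            sufficient_at = line_no
    return report
```

Testing as root can also mislead: per the pam_cracklib man page, a failed check only prints a message for root unless `enforce_for_root` is set, so verify the policy as an unprivileged user and check the local man page for that option.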
 