Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Want to require users to enter an 8 character password with 1 numeric and 1 special character, 90 day expiration, 120 day inactivity, 3 try lockout.
Have looked at PAM in an attempt to setup some of the initial password requirements (8 char, 1 digit, 1 special) but can't seem to get any of it working. Tried making changes to /etc/pam.d/passwd and /etc/pam.d/system-auth using cracklib with the various credit parameters as specified in the PAM documentation but can't seem to get it to work.
Also can't seem to find thorough documentation on the xcredit parameters, or for system-auth.
what does PAM have to do with password security? , maybe you could write a script that people could use to make there passwords with, or modify the program that sets the passwords to check for you requirements
I believe PAM is documented to provide services regarding the password itself. I tried adding the following line to /etc/pam.d/password and /etc/pam.d/system-auth...
This is supposed to require a password with at least 1 digit and 1 "other" character, with a minimum length of 8 characters - if I am reading the documentation correctly.
Trying to do the same think with RH Enterprise 3 and having about the same amount of success trying to configure the system-auth file. I too would love some help. While I don't mind working at the command line, I would have thought that RH might have made this a bit easier all things considered.
I think some of this is done through the shadow file. If you use X and go to System Settings=>Users and Groups=>select a user=>Password Info you will see some entrys for password aging. Changing this GUI modifies the /etc/shadow file. I would like to know if there is a command line utility to do this, or if it is considered good practice to modify /etc/shadow using vi or some other editor. But this only effects password aging and not password content.
To make modifications to the /etc/shadow file, you can use the usermod command.
Eventhough you are allowed to modify the shadow file manually, I encourage you to use the usermod command.
In order to implement all the above mentioned login rules for new users, you will need to modify the /etc/login.defs file.
Also, the /etc/skel/ directory contains default configuration files which will be copied to a new users HOME directory.
And if you want to add login scripts or other custom configuration settings which will be applied to all users at log-on, you can add them to the /etc/profile.local file.
Anyone out there doing anything about repetitive login attempts/failures beyond watching a log or delaying the ability to make subsequent login attempts?
Anyone out there doing anything about repetitive login attempts/failures beyond watching a log or delaying the ability to make subsequent login attempts?
Could block 'em off using pam_tally.
I believe PAM is documented to provide services regarding the password itself. I tried adding the following line to /etc/pam.d/password and /etc/pam.d/system-auth...
This is supposed to require a password with at least 1 digit and 1 "other" character, with a minimum length of 8 characters - if I am reading the documentation correctly.
I think you are not reading documentation correctly. minlen is minimal numbe of credits. It is also not sure what do you mean by "not working".. does system accepts passworsd that it should not? Or your aparently valid passowrd is rejected?
Necroposting, the practice of responding to a thread that died a long time ago, is in this case not that useful. As the OP left several years ago. Please choose where you post carefully. Thread closed.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.