Secure Passwords
David A. Bandel
david
Mon May 17 11:46:43 PDT 2004
On Tue, 22 Apr 2003 14:21:49 -0700
Condon Thomas A KPWA <tcondon at kpt.nuwc.navy.mil> wrote:
>
> Folks,
>
> I know I should use special passwords that don't come from the
> dictionary and contain three of the main four items (upper case alpha,
> lower case alpha, numeric and special characters). It was my
> understanding that requiring these was the default, but in retrospect
> I see I was wrong. So, how do I require passwords of this type on a
> RedHat Linux system I was called in to help secure? Any thoughts?
>
> Or do I have to write a pre-processing script to check this?
An excerpt from my /etc/pam.d/passwd file:
# (Add `md5' after the module name to enable MD5 passwords the same way
# that`MD5_CRYPT_ENAB' would do under login.defs).
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.
password required pam_unix.so nullok obscure min=4
# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
Nemesis Racing Team motto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.linux-sxs.org/pipermail/linux-users/attachments/20030422/39de9bf2/attachment.pgp
More information about the Linux-users
mailing list