Hello.

I'm trying to exploit cracklib to force users to use better passwords. But
dcredit=N, ucredit=N, lcredit=N, ocredit=N are not taken into account on my
system when a user tries to passwd. Below are the pam configuration files:

cat /etc/pam.d/passwd
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth

So everything is stacked on system-auth. Now what I have in system-auth:

cat /etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 diffok=3
minlen=8 dccredit=2 upcredit=2 lcredit=2 ocredit=1 type=XXX
password sufficient /lib/security/pam_unix.so nullok md5 shadow
use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

So you see I want the password to be more than 8 characters long and to have 2 digits,
2 upper case, 2 lower case and 1 other character. Now as an ordinary user I try to
use passwd with the password "qwertyuiop" and this works! Can anybody enlighten me
why I can use a password without digits?

Thank you for your attention,
--
______________________________________
Volkov Peter, <pvolkov@mics.msu.su>
General Physics Institute,
Russian Academy of Sciences.
______________________________________
NO ePATENTS, eSIGN now on:
http://petition.eurolinux.org
and maybe this helps...
Linux 2.4.26-gentoo-r9 i686
Mobile Intel(R) Celeron(R) CPU 1.60GHz
--
gentoo-security@gentoo.org mailing list
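
Added example, not part of the original post and not Linux-PAM code: a small Python model of the credit arithmetic described in the pam_cracklib man page, run against the cracklib line from the message above. It assumes a pam_cracklib version with the documented semantics (N >= 0 is a length bonus, N < 0 is a required minimum); the function names, the option subset and the STRICT line are constructed for illustration, and dictionary and similarity checks are not modelled.

```python
# Option names from the Linux-PAM pam_cracklib man page (subset, not exhaustive).
KNOWN = {"debug", "type", "retry", "difok", "minlen", "dcredit", "ucredit",
         "lcredit", "ocredit", "minclass", "maxrepeat", "use_authtok", "dictpath"}
# Documented defaults for the settings this sketch models.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}

def parse_options(line):
    """Return (settings, unknown option names) for one pam_cracklib line."""
    opts, unknown = dict(DEFAULTS), []
    for arg in line.split()[3:]:           # skip type, control flag, module path
        name, _, value = arg.partition("=")
        if name not in KNOWN:
            unknown.append(name)           # misspelled names leave the default in force
        elif name in DEFAULTS:
            opts[name] = int(value)
    return opts, unknown

def count_classes(pw):
    """Count characters per class, keyed by the credit option that governs them."""
    return {"dcredit": sum(c.isdigit() for c in pw),
            "ucredit": sum(c.isupper() for c in pw),
            "lcredit": sum(c.islower() for c in pw),
            "ocredit": sum(not c.isalnum() for c in pw)}

def length_check(pw, opts):
    """Return (accepted, effective minimum length) under the credit rules."""
    need = opts["minlen"]
    for name, n in count_classes(pw).items():
        credit = opts[name]
        if credit >= 0:
            need -= min(n, credit)         # N >= 0: bonus that lowers the length needed
        elif n < -credit:
            return False, need             # N < 0: at least |N| such characters required
    return len(pw) >= need, need

# Constructed input: the cracklib line from the post, joined onto one line.
POSTED = ("password required /lib/security/pam_cracklib.so retry=3 diffok=3 "
          "minlen=8 dccredit=2 upcredit=2 lcredit=2 ocredit=1 type=XXX")
# Constructed variant: man-page spellings and negative (mandatory) values.
STRICT = ("password required /lib/security/pam_cracklib.so retry=3 difok=3 "
          "minlen=8 dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-1 type=XXX")

if __name__ == "__main__":
    for label, line in (("posted", POSTED), ("strict", STRICT)):
        opts, unknown = parse_options(line)
        print(label, "unknown:", unknown, "->", length_check("qwertyuiop", opts))
```

In this model the posted line accepts "qwertyuiop" because lcredit=2 lowers the effective minimum length from 8 to 6 and nothing requires a digit, while three of its option names are not recognised at all.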