  1. #1
    Just Joined!
    Join Date
    Jun 2005
    Posts
    6

    Linux Password Controls


    I'm having an issue with password controls. I'd like to avoid installing additional PAMs if I can. I'd like to use RedHat's built-in functionality for applying some control on passwords. Please keep in mind that I'm an extreme newbie, so I tend to need more explaining.

    Systems: RedHat 8.0 & RedHat 9.0

    Here's what I have done so far. I have created a user with the following:

    Username: "scott"
    Password: "pass123456$"

    I want the user to log on to the system for the first time using a password I supply to him (in this case "pass123456$"), and be forced to change that password by the system. I want the system to force the user's password to be:

    1 - 11 chars in length, or longer
    2 - Contain 1 number
    3 - Contain 1 special char like "$"

    I also want all future password changes that the user invokes, or that the system forces, to follow those rules. So far, I've edited the file "/etc/pam.d/system-auth" to show the following:

    ***************************************
    auth required /lib/security/$ISA/pam_env.so
    auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
    auth required /lib/security/$ISA/pam_deny.so

    account required /lib/security/$ISA/pam_unix.so

    password required /lib/security/$ISA/pam_cracklib.so retry=3 minlen=11 dcredit=-1 ocredit=-1
    password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    password required /lib/security/$ISA/pam_deny.so

    session required /lib/security/$ISA/pam_limits.so
    session required /lib/security/$ISA/pam_unix.so
    ****************************************

    I've also tried several variations of this, such as "minlen=10 dcredit=1 ocredit=1".

    I have tried running the following commands to force a change at initial login:

    usermod -L scott
    chage -d 0 scott
    usermod -p scott

    The commands above DO force the user to change his/her pass at first login, but it removes the password I previously set and doesn't require an initial password. This is NOT what I want. I want the user to have to enter the password that I give him, THEN be forced to change it.

    More importantly, the password rules I set in "/etc/pam.d/system-auth" do not apply. User "scott" can successfully change his/her password to "helloworld" when he logs on, which shouldn't be the case.

    Last, but not least, I would love to know how to get the user's account locked out for a period of 15 minutes after 3 consecutive, unsuccessful logons.

    Any help you can provide would be greatly appreciated. Thanks!

    Scott
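
An audit of the stack posted above, as an added example that is not part of the original thread; the helper names are hypothetical and the input is rebuilt from the post. It applies pam_cracklib's documented option semantics: a negative credit value requires at least that many characters of the class, while a non-negative value only grants credit toward minlen, so the "dcredit=1 ocredit=1" variant requires no digit or special character.

```python
# Constructed input: the auth and password lines as posted in the thread.
POSTED = """\
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
password required /lib/security/$ISA/pam_cracklib.so retry=3 minlen=11 dcredit=-1 ocredit=-1
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
"""
# Constructed input: the same stack with the variant options also tried.
VARIANT = POSTED.replace("minlen=11 dcredit=-1 ocredit=-1",
                         "minlen=10 dcredit=1 ocredit=1")
CRACK, UNIX = "pam_cracklib.so", "pam_unix.so"
CLASSES = {"dcredit": "digit", "ucredit": "uppercase",
           "lcredit": "lowercase", "ocredit": "other"}

def parse(text):
    """Return (type, control, module, args) for each non-comment line."""
    rows = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3:
            rows.append((f[0], f[1], f[2].rsplit("/", 1)[-1], f[3:]))
    return rows

def audit(text):
    """Summarise what the stack enforces (hypothetical helper, not a PAM API)."""
    rows = parse(text)
    pw_mods = [m for t, _, m, _ in rows if t == "password"]
    rep = {"minlen": None, "required": {}, "credit": {}, "use_authtok": False,
           "blank_login_allowed": False, "cracklib_first": False}
    if CRACK in pw_mods and UNIX in pw_mods:
        rep["cracklib_first"] = pw_mods.index(CRACK) < pw_mods.index(UNIX)
    for typ, _, mod, args in rows:
        if (typ, mod) == ("auth", UNIX):
            rep["blank_login_allowed"] = "nullok" in args  # empty password accepted
        elif (typ, mod) == ("password", UNIX):
            rep["use_authtok"] = "use_authtok" in args  # reuses the checked password
        elif (typ, mod) == ("password", CRACK):
            for key, _, val in (a.partition("=") for a in args):
                if key == "minlen":
                    rep["minlen"] = int(val)
                elif key in CLASSES and int(val) < 0:
                    rep["required"][CLASSES[key]] = -int(val)  # N<0: at least |N|
                elif key in CLASSES:
                    rep["credit"][CLASSES[key]] = int(val)  # N>=0: length credit only
    return rep

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("variant", VARIANT)):
        print(name, audit(cfg))
```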

  2. #2
    Linux Newbie jamey112
    Join Date
    May 2005
    Location
    Nashville, TN
    Posts
    212
    Log in as root, with your session being KDE (not sure how to do it in anything else, I am a noob too), go to the Control Center, and look around in that. I was playing around with it last night and came across that. I would get the exact location for ya, but I am at work right now and we have Windows here. I will look when I get home if no one else has answered you by then. Should be easy to find though, look around in the security section.
    Today I fell and felt better, Just knowing this matters, I just feel stronger and SHARPER!!!, Found a box of sharp objects, What a beautiful THING!!! Box of Sharp Objects - The Used
