Ok, nearly everybody knows pam:
It is not really difficult, if you know where to look:
Open /etc/pam.d/common-password (debian) and read
PAM = Pluggable Authentication ModulesThe linux-pam homepage states "Basically, it is a flexible mechanism for authenticating users." But is there an easy way to enforce password policies within this pam mechanism?
It is not really difficult, if you know where to look:
Open /etc/pam.d/common-password (debian) and read
# Alternate strength checking for password. Note that thisThe two next two lines are:
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
password required pam_cracklib.so retry=3 minlen=6 difok=3and pam_cracklib.so can be installed via
password required pam_unix.so use_authtok nullok md5
apt-get install libpam-cracklibAt the first line add
dcredit=-4 lcredit=-2 ucredit=-1This translates to dcredit=-4 (4 digits required), lcredit=-2 (2 letter lowercase required), ucredit=-1 (1 letter uppercase required). For a full list of parameters look here.
No comments:
Post a Comment