password control?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Where might I find docs on howto configure user account passwords to
support a format of x number of digits, x number of symbols, with
length x, etc...?

Re: password control?

On Thu, 9 Aug 2007 22:12:08 -0500, Ender
Quoted text here. Click to load it
libpam-doc, specifically the cracklib module.

The University of California Statistics Department; where mean is normal,
and deviation standard.

Re: password control?

Quoted text here. Click to load it

The location of the documentation depends on your Linux distribution.
libpam-doc seems to be a Debian-ism. Under RedHat, it's in /usr/share/
docs, or for tools whose authors wrote man pages, it's in the man
pages. For tools whose authors use the standard texinfo format, it's
in /usr/share/info. Etc., etc., tec.

Debian does seem to be good about having such documentation in a
separate package with a sensible name.

Many distributions also have a system configuration tool specific to
their distribution to manipulate such system settings, some good, some
awful. And configuring additional shared password structures, like
Kerberos and LDAPnad Winbind, means those systems have their *own*
configuration settings.

Perhaps you could share a few more details about your setup? Your OS,
and whether you need Kerberos or LDAP or Winbind or NIS?

Re: password control?

Quoted text here. Click to load it

Well, my systems are gentoo, and I've had problems with cracklib in the
past, couldn't change passwords (don't remember the error, but wouldn't
be too hard to dig it back up), so I've have to revert back to pam. And
I'd like to get LDAP going (learn it first) so that my users can run
the same account passwd's across all our machines.

Re: password control?

Ender coughed up some electrons that declared:

Quoted text here. Click to load it

If you just want to have common passwords, kerberos is a better option IMO.
Although it looks like a black art, it is actually not that hard to
configure a server. It also has the reputation of being extremely secure.

Many linux distributions have the required packages, including pam_krb5.

This assumes that you have another way to update the basic account
information (eg NIS, LDAP or scripts to manage /etc/passwd and /etc/group).

The *big* improvement with kerberos is the way that root logins are handled.

Everyone who needs root access has to log in as themselves (in the normal
model, you can subvert this with PAM trickery), then ksu to root using
their own root principle password. Secondly, they also have to be listed
in /root/.k5login which gives a wonderful level of control about who logs
in where and avoids having to have the big book of root passwords.

If that sounds appealing, I'll see if I can dig out a suitable HOWTO.



Re: password control?

Quoted text here. Click to load it

Thanks, your advice has been more than helpful and I can dig the rest
up. I think I will go that route.

Much appreciated.

Site Timeline