Marcy, Most of this would be controlled by /etc/login.defs. I don't know if PAM overrules what's in here, honors it, ignores it, or what, though.
1. I'm not sure you can enforce this, per se, but if you enable cracklib checking of passwords, they'll be reasonably strong passwords. CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict 2. I don't know if "locking out" someone is possible, out of the box. 3. Two minutes is kind of long, but: LOGIN_TIMEOUT 120 Mark Post -----Original Message----- From: Marcy Cortes [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 02, 2002 4:37 PM To: [EMAIL PROTECTED] Subject: Linux security questions I have to find some answers to these questions for our security plan (why is that part always harder than the install). This is for SuSE 2.4.7 kernel. 1. How can I enforce a password to contain at least 1 numeric, 1 alpha, and 1 special character? 2. How can I lockout a userid after 3 bad attempts at password 3. How can I set a login to timeout if a valid userid/pwd is not entered within 2 minutes? Thanks in advance! Marcy Cortes VM Systems Programming Wells Fargo Services Company