Hi guys, troubleshooting a cracklib problem, completely unrelated to the
options in the book, I wondered why we change the defaults in
/etc/pam.d/passwd at all. I remembered that these came from the hint
long ago. Our current setup could allow a password of as little as 6
characters (a hard coded minimum), even if minlen were set up to 11 (it
is 5 now). I suggest that we go with the defaults for the passwd
config. Also, excluding the retry option, the rest have no need to be
in the login config file. The line below changes only the default type
as displayed at the password prompts, "Enter ({old,new}) UNIX password"
to "Enter ({old,new}) Linux password". The rest are the defaults.
password required pam_cracklib.so type=Linux retry=1 \
difok=5 diffignore=23 minlen=9 \
dcredit=1 ucredit=1 lcredit=1 \
ocredit=1 \
dictpath=/lib/cracklib/pw_dict
Note, that this will still allow a password length of 6 characters if
you use all 4 cases (character credit +1 if used 4 cases is 6 + 4 = 10
which is minlen +1 as required because credits are enabled).
'man pam_cracklib' for more info.
-- DJ Lucas
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
