DJ Lucas wrote:
> Hi guys, troubleshooting a cracklib problem, completely unrelated to the
> options in the book, I wondered why we change the defaults in
> /etc/pam.d/passwd at all. I remembered that these came from the hint
> long ago. Our current setup could allow a password of as little as 6
> characters (a hard coded minimum), even if minlen were set up to 11 (it
> is 5 now). I suggest that we go with the defaults for the passwd
> config. Also, excluding the retry option, the rest have no need to be
> in the login config file. The line below changes only the default type
> as displayed at the password prompts, "Enter ({old,new}) UNIX password"
> to "Enter ({old,new}) Linux password". The rest are the defaults.
>
> password required pam_cracklib.so type=Linux retry=1 \
> difok=5 diffignore=23 minlen=9 \
> dcredit=1 ucredit=1 lcredit=1 \
> ocredit=1 \
> dictpath=/lib/cracklib/pw_dict
>
> Note, that this will still allow a password length of 6 characters if
> you use all 4 cases (character credit +1 if used 4 cases is 6 + 4 = 10
> which is minlen +1 as required because credits are enabled).
> 'man pam_cracklib' for more info.
I have no problem with this proposal, but I don't use PAM in my normal
environment.
-- Bruce
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
