JR

I had that line. I commented it out. Thank you.

Now, what do I have to restart?

Tim Hildred, RHCE
Content Author II - Engineering Content Services, Red Hat, Inc.
Brisbane, Australia
Email: thild...@redhat.com
Internal: 8588287
Mobile: +61 4 666 25242
IRC: thildred

----- Original Message -----
> From: "JR Aquino" <jr.aqu...@citrix.com>
> To: "Tim Hildred" <thild...@redhat.com>
> Cc: "freeipa-users" <freeipa-users@redhat.com>
> Sent: Tuesday, September 18, 2012 12:37:48 PM
> Subject: Re: [Freeipa-users] Password requirements too stringent
> 
> Tim, please check your /etc/pam.d/system-auth with the password
> block.  If you see password    requisite     pam_cracklib.so, then
> this is why you are having a problem.
> 
> $ man pam_cracklib
> 
> It is a local security library for enforcing strong password
> practices from the unix cli.
> 
> ProTip:
> If you don't need this, you can remove it from pam
> If you want to work around this, set your password from the IPA webui
> or via the cli: "ipa passwd username"
> 
> Hope this info helps!
> 
> "Keeping your head in the cloud"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> JR Aquino
> 
> Senior Information Security Specialist, Technical Operations
> T: +1 805 690 3478 | F: +1 805 879 3730 | M: +1 805 717 0365
> GIAC Certified Incident Handler | GIAC WebApplication Penetration
> Tester
> jr.aqu...@citrix.com<mailto:jr.aqu...@citrix.com>
> 
> 
> [cid:image002.jpg@01CD4A37.5451DC00]
> 
> Powering mobile workstyles and cloud services
> 
> 
> 
> 
> 
> On Sep 17, 2012, at 6:25 PM, Tim Hildred wrote:
> 
> Hey all;
> 
> I'm running IPA internally to control access to our cloud
> environment.
> 
> I must admit, I do not understand the password requirements. I have
> had them set to the defaults. I read this:
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/user-pwdpolicy.html
> 
> I have the minimum character classes set to 0. When people use SSH to
> change their passwords, they get "Based on a dictionary word" for
> passwords that have nothing to do with dictionary words.
> 
> I can't find anywhere in the documentation a break down of what makes
> an unacceptable versus acceptable password.
> 
> Can anyone help me figure out what to tell my users? I think people
> would get a lot less frustrated if they knew why "C679V375" was "too
> simple" when the password policy has 0 required classes.
> 
> Tim Hildred, RHCE
> Content Author II - Engineering Content Services, Red Hat, Inc.
> Brisbane, Australia
> Email: thild...@redhat.com
> Internal: 8588287
> Mobile: +61 4 666 25242
> IRC: thildred
> 
> ps: funny exchange with user:
> Jul 12 14:12:33 <user1> i feel like im being punked
> Jul 12 14:12:40 <user1> it is based on a dictionary word
> Jul 12 14:12:43 <user1> it is too short
> Jul 12 14:12:49 <user1> is does not have enough unique letters
> Jul 12 14:12:51 <user1> etc
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> 
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to