On Sep 17, 2012, at 7:53 PM, Tim Hildred wrote: > JR > > I had that line. I commented it out. Thank you. > > Now, what do I have to restart?
I believe it should take effect in real time, but you may need to test to be sure. If it is still happening, you may need to double check that some other pam cfg doesn't also have it present: $ cd /etc/pam.d/ && grep pam_cracklib * If you have removed it from everything and it is still giving you the same error, then I would try a reboot... perhaps getty needs to reinitialize or something. But I'd try those steps before a reboot! ;) > Tim Hildred, RHCE > Content Author II - Engineering Content Services, Red Hat, Inc. > Brisbane, Australia > Email: thild...@redhat.com > Internal: 8588287 > Mobile: +61 4 666 25242 > IRC: thildred > > ----- Original Message ----- >> From: "JR Aquino" <jr.aqu...@citrix.com> >> To: "Tim Hildred" <thild...@redhat.com> >> Cc: "freeipa-users" <email@example.com> >> Sent: Tuesday, September 18, 2012 12:37:48 PM >> Subject: Re: [Freeipa-users] Password requirements too stringent >> >> Tim, please check your /etc/pam.d/system-auth with the password >> block. If you see password requisite pam_cracklib.so, then >> this is why you are having a problem. >> >> $ man pam_cracklib >> >> It is a local security library for enforcing strong password >> practices from the unix cli. >> >> ProTip: >> If you don't need this, you can remove it from pam >> If you want to work around this, set your password from the IPA webui >> or via the cli: "ipa passwd username" >> >> Hope this info helps! >> >> "Keeping your head in the cloud" >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> JR Aquino >> >> Senior Information Security Specialist, Technical Operations >> T: +1 805 690 3478 | F: +1 805 879 3730 | M: +1 805 717 0365 >> GIAC Certified Incident Handler | GIAC WebApplication Penetration >> Tester >> jr.aqu...@citrix.com<mailto:jr.aqu...@citrix.com> >> >> >> [cid:image002.jpg@01CD4A37.5451DC00] >> >> Powering mobile workstyles and cloud services >> >> >> >> >> >> On Sep 17, 2012, at 6:25 PM, Tim Hildred wrote: >> >> Hey all; >> >> I'm running IPA internally to control access to our cloud >> environment. >> >> I must admit, I do not understand the password requirements. I have >> had them set to the defaults. I read this: >> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/user-pwdpolicy.html >> >> I have the minimum character classes set to 0. When people use SSH to >> change their passwords, they get "Based on a dictionary word" for >> passwords that have nothing to do with dictionary words. >> >> I can't find anywhere in the documentation a break down of what makes >> an unacceptable versus acceptable password. >> >> Can anyone help me figure out what to tell my users? I think people >> would get a lot less frustrated if they knew why "C679V375" was "too >> simple" when the password policy has 0 required classes. >> >> Tim Hildred, RHCE >> Content Author II - Engineering Content Services, Red Hat, Inc. >> Brisbane, Australia >> Email: thild...@redhat.com >> Internal: 8588287 >> Mobile: +61 4 666 25242 >> IRC: thildred >> >> ps: funny exchange with user: >> Jul 12 14:12:33 <user1> i feel like im being punked >> Jul 12 14:12:40 <user1> it is based on a dictionary word >> Jul 12 14:12:43 <user1> it is too short >> Jul 12 14:12:49 <user1> is does not have enough unique letters >> Jul 12 14:12:51 <user1> etc >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipafirstname.lastname@example.org >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users