[Freeipa-users] Is it possible to Disable BAD Password from IPA Configs

2015-03-24 Thread Yogesh Sharma
Hi,

Is there any way that we can configure the IPA server not to do strict checking
for passwords?
For example:


*BAD PASSWORD: The password is too similar to the old one*
*New password: *
*BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word*

We tried removing use_authtok from below but no luck.

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

system-auth password config:

[root@cipa vagrant]# cat /etc/pam.d/system-auth | grep password | grep -v grep
password    requisite     pam_pwquality.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so
[root@cipa vagrant]#




*Best Regards,*
*Yogesh Sharma*
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Is it possible to Disable BAD Password from IPA Configs

2015-03-24 Thread Alexander Bokovoy

On Wed, 25 Mar 2015, Yogesh Sharma wrote:

> Hi,
>
> Is there any way that we can configure the IPA server not to do strict checking
> for passwords?
> For example:
>
> *BAD PASSWORD: The password is too similar to the old one*
> *New password: *
> *BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word*
>
> We tried removing use_authtok from below but no luck.
>
> password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

You are changing the *wrong* configuration.



> system-auth password config:
>
> [root@cipa vagrant]# cat /etc/pam.d/system-auth | grep password | grep -v grep
> password    requisite     pam_pwquality.so try_first_pass retry=3 type=

pam_pwquality is responsible for the password strength checks in PAM
stack. Read its documentation for details.

P.S. This question has nothing to do with FreeIPA.
--
/ Alexander Bokovoy
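
Added example, not part of the thread and not FreeIPA or PAM project code: a small parser for the password stack quoted above that reports which entry performs the strength checks and which later entries only reuse the already-checked password through use_authtok. The sample text is constructed from the stack in the thread with whitespace restored; the function names and the list of checker modules are assumptions made for this illustration.

```python
import os

# PAM modules that perform password strength checks (assumed list for this example).
QUALITY_MODULES = {"pam_pwquality.so", "pam_cracklib.so", "pam_passwdqc.so"}

# Constructed sample: the password stack quoted in the thread, whitespace restored.
SAMPLE = """\
password requisite pam_pwquality.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
"""

def parse_pam(text, wanted="password"):
    """Return (control, module, args) for each entry of one PAM type."""
    entries = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        fields = line.split(None, 1)
        if len(fields) < 2 or fields[0].lstrip("-") != wanted:
            continue
        rest = fields[1]
        if rest.startswith("[") and "]" in rest:      # [value=action ...] control
            end = rest.index("]") + 1
            control, rest = rest[:end], rest[end:]
        else:
            parts = rest.split(None, 1)
            control, rest = parts[0], parts[1] if len(parts) > 1 else ""
        mod = rest.split()
        if mod:                                       # skip lines with no module
            entries.append((control, os.path.basename(mod[0]), mod[1:]))
    return entries

def quality_checkers(entries):
    """Entries whose module enforces password strength."""
    return [(m, a) for _, m, a in entries if m in QUALITY_MODULES]

def token_consumers(entries):
    """Modules after the first strength checker that reuse its vetted password."""
    mods = [m for _, m, _ in entries]
    first = next((i for i, m in enumerate(mods) if m in QUALITY_MODULES), None)
    if first is None:
        return []
    return [m for _, m, a in entries[first + 1:] if "use_authtok" in a]

if __name__ == "__main__":
    stack = parse_pam(SAMPLE)
    for module, args in quality_checkers(stack):
        print("strength checks:", module, " ".join(args))
    print("reuse the checked password:", ", ".join(token_consumers(stack)))
```
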
