|
Home > Archive > Red Hat Configuration > January 2004 > Password Length
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| jfewebs 2004-01-23, 7:11 pm |
| Does anyone kno how to reset the password minimum length in RedHat 8.0
from 6 to 5?
| |
| WLauman 2004-01-23, 7:11 pm |
| Not sure if it's what your after but,
look in /etc/login.defs
Wayne
"jfewebs" <jfewebs@iquest.net> wrote in message
news:3F0DE372.6050708@iquest.net...quote:
> Does anyone kno how to reset the password minimum length in RedHat 8.0
> from 6 to 5?
>
| |
| WLauman 2004-01-23, 7:11 pm |
| Not sure if it's what your after but,
look in /etc/login.defs
Wayne
"jfewebs" <jfewebs@iquest.net> wrote in message
news:3F0DE372.6050708@iquest.net...quote:
> Does anyone kno how to reset the password minimum length in RedHat 8.0
> from 6 to 5?
>
| |
|
| I tried that already, but it doesn't seem to change anything. I
wondering if PAM rules are keeping it at the defualt?
- Jack -
WLauman wrote:quote:
> Not sure if it's what your after but,
> look in /etc/login.defs
> Wayne
>
> "jfewebs" <jfewebs@iquest.net> wrote in message
> news:3F0DE372.6050708@iquest.net...
>
>
>
>
| |
| WLauman 2004-01-23, 7:11 pm |
| Not sure if it's what your after but,
look in /etc/login.defs
Wayne
"jfewebs" <jfewebs@iquest.net> wrote in message
news:3F0DE372.6050708@iquest.net...quote:
> Does anyone kno how to reset the password minimum length in RedHat 8.0
> from 6 to 5?
>
| |
|
| I tried that already, but it doesn't seem to change anything. I
wondering if PAM rules are keeping it at the defualt?
- Jack -
WLauman wrote:quote:
> Not sure if it's what your after but,
> look in /etc/login.defs
> Wayne
>
> "jfewebs" <jfewebs@iquest.net> wrote in message
> news:3F0DE372.6050708@iquest.net...
>
>
>
>
| |
|
| I tried that already, but it doesn't seem to change anything. I
wondering if PAM rules are keeping it at the defualt?
- Jack -
WLauman wrote:quote:
> Not sure if it's what your after but,
> look in /etc/login.defs
> Wayne
>
> "jfewebs" <jfewebs@iquest.net> wrote in message
> news:3F0DE372.6050708@iquest.net...
>
>
>
>
| |
| Wayne Pollock 2004-01-23, 7:11 pm |
| The login.defs file only controls defaults for new accounts
created via useradd. To set the minimum length of passwords
in RedHat you must update the security policies set with PAM.
I only have RH 7 but I'm sure it works the same in new RH too.
The file you must update is /etc/pam.d/system-auth. Look for
a line like:
password required /lib/security/pam_cracklib.so retry=3 type=
and add "minlen=#" where "#" is the minimum length you want. Note
this is tricky since the default value is 9, not 6! Cracklib
computes the length by giving "credit" for each different type
of character used in the password: uppercase, lowercase, digit,
and other. So if you use all lowercase letters the default setting
requires 8 characters. If you mix upper and lower case letters,
you can use 7 characters. Mix in a digit or two and 6 is the minimum.
Add a space or "!" or some symbol as well, and the default setting
will allow passwords of 5 characters (say "!X1g%").
(The amount of credit per type of character, and other password
parameters can all be tweaked. see:
http://www.kernel.org/pub/linux/lib...am-6.html#ss6.3
for more details on pam_cracklib.)
A better approach might be to install "pwgen" which generates
strong, pronounceable (at least in theory) passwords. You or
your users can use this program. (Install from source only,
the RPM packages on the net seem to work differently.)
Whatever you do technically, make sure you follow the security
policy at your organization. (If you get to set that, make
sure you document you password policy!)
Finally there is a command "authconfig". If you use authconfig
it will wipe out the changes you made by hand to this file!
I suggest you turn off execute permission on this command to
prevent accidents.
Hope this helps!
-Wayne
jfewebs wrote:
quote:
> Does anyone kno how to reset the password minimum length in RedHat 8.0
> from 6 to 5?
>
| |
| Wayne Pollock 2004-01-23, 7:11 pm |
| The login.defs file only controls defaults for new accounts
created via useradd. To set the minimum length of passwords
in RedHat you must update the security policies set with PAM.
I only have RH 7 but I'm sure it works the same in new RH too.
The file you must update is /etc/pam.d/system-auth. Look for
a line like:
password required /lib/security/pam_cracklib.so retry=3 type=
and add "minlen=#" where "#" is the minimum length you want. Note
this is tricky since the default value is 9, not 6! Cracklib
computes the length by giving "credit" for each different type
of character used in the password: uppercase, lowercase, digit,
and other. So if you use all lowercase letters the default setting
requires 8 characters. If you mix upper and lower case letters,
you can use 7 characters. Mix in a digit or two and 6 is the minimum.
Add a space or "!" or some symbol as well, and the default setting
will allow passwords of 5 characters (say "!X1g%").
(The amount of credit per type of character, and other password
parameters can all be tweaked. see:
http://www.kernel.org/pub/linux/lib...am-6.html#ss6.3
for more details on pam_cracklib.)
A better approach might be to install "pwgen" which generates
strong, pronounceable (at least in theory) passwords. You or
your users can use this program. (Install from source only,
the RPM packages on the net seem to work differently.)
Whatever you do technically, make sure you follow the security
policy at your organization. (If you get to set that, make
sure you document you password policy!)
Finally there is a command "authconfig". If you use authconfig
it will wipe out the changes you made by hand to this file!
I suggest you turn off execute permission on this command to
prevent accidents.
Hope this helps!
-Wayne
jfewebs wrote:
quote:
> Does anyone kno how to reset the password minimum length in RedHat 8.0
> from 6 to 5?
>
| |
| Wayne Pollock 2004-01-23, 7:11 pm |
| The login.defs file only controls defaults for new accounts
created via useradd. To set the minimum length of passwords
in RedHat you must update the security policies set with PAM.
I only have RH 7 but I'm sure it works the same in new RH too.
The file you must update is /etc/pam.d/system-auth. Look for
a line like:
password required /lib/security/pam_cracklib.so retry=3 type=
and add "minlen=#" where "#" is the minimum length you want. Note
this is tricky since the default value is 9, not 6! Cracklib
computes the length by giving "credit" for each different type
of character used in the password: uppercase, lowercase, digit,
and other. So if you use all lowercase letters the default setting
requires 8 characters. If you mix upper and lower case letters,
you can use 7 characters. Mix in a digit or two and 6 is the minimum.
Add a space or "!" or some symbol as well, and the default setting
will allow passwords of 5 characters (say "!X1g%").
(The amount of credit per type of character, and other password
parameters can all be tweaked. see:
http://www.kernel.org/pub/linux/lib...am-6.html#ss6.3
for more details on pam_cracklib.)
A better approach might be to install "pwgen" which generates
strong, pronounceable (at least in theory) passwords. You or
your users can use this program. (Install from source only,
the RPM packages on the net seem to work differently.)
Whatever you do technically, make sure you follow the security
policy at your organization. (If you get to set that, make
sure you document you password policy!)
Finally there is a command "authconfig". If you use authconfig
it will wipe out the changes you made by hand to this file!
I suggest you turn off execute permission on this command to
prevent accidents.
Hope this helps!
-Wayne
jfewebs wrote:
quote:
> Does anyone kno how to reset the password minimum length in RedHat 8.0
> from 6 to 5?
>
|
|
|
|
|