[blfs-book] r20872 - in trunk/BOOK: . introduction/welcome postlfs/security

Mon, 24 Dec 2018 17:16:21 -0800 

Author: dj
Date: Mon Dec 24 17:15:21 2018
New Revision: 20872

Log:
Update pam_cracklib configuration with modern options and provide replacement 
configuration with pam_pwqaulity.

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/libpwquality.xml
   trunk/BOOK/postlfs/security/linux-pam.xml

Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent      Mon Dec 24 13:21:18 2018        (r20871)
+++ trunk/BOOK/general.ent      Mon Dec 24 17:15:21 2018        (r20872)
@@ -1,12 +1,12 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "23">                   <!-- Always 2 digits -->
+<!ENTITY day          "25">                   <!-- Always 2 digits -->
 <!ENTITY month        "12">                   <!-- Always 2 digits -->
 <!ENTITY year         "2018">
 <!ENTITY copyrightdate "2001-&year;">
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "December 23rd, &year;">
+<!ENTITY releasedate  "December 25rd, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- x.y|development -->

Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml       Mon Dec 24 13:21:18 
2018        (r20871)
+++ trunk/BOOK/introduction/welcome/changelog.xml       Mon Dec 24 17:15:21 
2018        (r20872)
@@ -42,6 +42,16 @@
     </listitem>
 -->
     <listitem>
+      <para>December 25th, 2018</para>
+      <itemizedlist>
+        <listitem>
+          <para>[dj] - Update pam_cracklib configuration with modern options
+          and provide replacement configuration with pam_pwqaulity.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>December 23rd, 2018</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/postlfs/security/libpwquality.xml
==============================================================================
--- trunk/BOOK/postlfs/security/libpwquality.xml        Mon Dec 24 13:21:18 
2018        (r20871)
+++ trunk/BOOK/postlfs/security/libpwquality.xml        Mon Dec 24 17:15:21 
2018        (r20872)
@@ -113,6 +113,42 @@
 
   </sect2>
 
+  <sect2 role="configuration">
+    <title>Configuring Libpwquality</title>
+
+    <para>
+      <application>Libpwquality</application> is intended to be a
+      functional replacement for the <filename>pam_cracklib.so</filename>
+      module with additional options. To replace the
+      <filename>pam_cracklib.so</filename> module with the
+      <filename>pam_pwquality.so</filename> module, execute the following
+      commands as the <systemitem class="username">root</systemitem> user:
+    </para>
+
+<screen role="root"><userinput>mv /etc/pam.d/system-password{,.orig} &amp;&amp;
+cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
+<literal># Begin /etc/pam.d/system-password
+
+# check new passwords for strength (man pam_pwquality)
+password  required    pam_pwquality.so   authtok_type=UNIX retry=1 difok=1 \
+                                         minlen=8 dcredit=0 ucredit=0 \
+                                         lcredit=0 ocredit=0 minclass=1 \
+                                         maxrepeat=0 maxsequence=0 \
+                                         maxclassrepeat=0 geoscheck=0 \
+                                         dictcheck=1 usercheck=1 \
+                                         enforcing=1 badwords="" \
+                                         dictpath=/lib/cracklib/pw_dict
+# use sha512 hash for encryption, use shadow, and use the
+# authentication token (chosen password) set by pam_pwquality
+# above (or any previous modules)
+password  required    pam_unix.so        sha512 shadow use_authtok
+
+# End /etc/pam.d/system-password</literal>
+EOF
+</userinput></screen>
+
+  </sect2>
+    
   <sect2 role="content">
     <title>Contents</title>
 

Modified: trunk/BOOK/postlfs/security/linux-pam.xml
==============================================================================
--- trunk/BOOK/postlfs/security/linux-pam.xml   Mon Dec 24 13:21:18 2018        
(r20871)
+++ trunk/BOOK/postlfs/security/linux-pam.xml   Mon Dec 24 17:15:21 2018        
(r20872)
@@ -317,14 +317,16 @@
 <literal># Begin /etc/pam.d/system-password
 
 # check new passwords for strength (man pam_cracklib)
-password  required    pam_cracklib.so   type=Linux retry=3 difok=5 \
-                                        difignore=23 minlen=9 dcredit=1 \
-                                        ucredit=1 lcredit=1 ocredit=1 \
-                                        dictpath=/lib/cracklib/pw_dict
+password  required    pam_cracklib.so    authtok_type=UNIX retry=1 difok=5 \
+                                         minlen=9 dcredit=1 ucredit=1 \
+                                         lcredit=1 ocredit=1 minclass=0 \
+                                         maxrepeat=0 maxsequence0 \
+                                         maxclassrepeat=0 \
+                                         dictpath=/lib/cracklib/pw_dict
 # use sha512 hash for encryption, use shadow, and use the
 # authentication token (chosen password) set by pam_cracklib
 # above (or any previous modules)
-password  required    pam_unix.so       sha512 shadow use_authtok
+password  required    pam_unix.so        sha512 shadow use_authtok
 
 # End /etc/pam.d/system-password</literal>
 EOF</userinput></screen>
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to