Author: dj
Date: Mon Dec 24 17:15:21 2018
New Revision: 20872

Log:
Update pam_cracklib configuration with modern options and provide replacement configuration with pam_pwquality.

Modified: trunk/BOOK/general.ent trunk/BOOK/introduction/welcome/changelog.xml trunk/BOOK/postlfs/security/libpwquality.xml trunk/BOOK/postlfs/security/linux-pam.xml Modified: trunk/BOOK/general.ent ============================================================================== --- trunk/BOOK/general.ent Mon Dec 24 13:21:18 2018 (r20871) +++ trunk/BOOK/general.ent Mon Dec 24 17:15:21 2018 (r20872) @@ -1,12 +1,12 @@ <!-- $LastChangedBy$ $Date$ --> -<!ENTITY day "23"> <!-- Always 2 digits --> +<!ENTITY day "25"> <!-- Always 2 digits --> <!ENTITY month "12"> <!-- Always 2 digits --> <!ENTITY year "2018"> <!ENTITY copyrightdate "2001-&year;"> <!ENTITY copyholder "The BLFS Development Team"> <!ENTITY version "&year;-&month;-&day;"> -<!ENTITY releasedate "December 23rd, &year;"> +<!ENTITY releasedate "December 25rd, &year;"> <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP --> <!ENTITY blfs-version "svn"> <!-- svn|[release #] --> <!ENTITY lfs-version "development"> <!-- x.y|development --> Modified: trunk/BOOK/introduction/welcome/changelog.xml ============================================================================== --- trunk/BOOK/introduction/welcome/changelog.xml Mon Dec 24 13:21:18 2018 (r20871) +++ trunk/BOOK/introduction/welcome/changelog.xml Mon Dec 24 17:15:21 2018 (r20872) @@ -42,6 +42,16 @@ </listitem> --> <listitem> + <para>December 25th, 2018</para> + <itemizedlist> + <listitem> + <para>[dj] - Update pam_cracklib configuration with modern options + and provide replacement configuration with pam_pwqaulity.</para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> <para>December 23rd, 2018</para> <itemizedlist> <listitem> Modified: trunk/BOOK/postlfs/security/libpwquality.xml ============================================================================== --- trunk/BOOK/postlfs/security/libpwquality.xml Mon Dec 24 13:21:18 2018 (r20871) +++ trunk/BOOK/postlfs/security/libpwquality.xml Mon Dec 24 17:15:21 2018 (r20872) 
@@ -113,6 +113,42 @@ </sect2> + <sect2 role="configuration"> + <title>Configuring Libpwquality</title> + + <para> + <application>Libpwquality</application> is intended to be a + functional replacement for the <filename>pam_cracklib.so</filename> + module with additional options. To replace the + <filename>pam_cracklib.so</filename> module with the + <filename>pam_pwquality.so</filename> module, execute the following + commands as the <systemitem class="username">root</systemitem> user: + </para> + +<screen role="root"><userinput>mv /etc/pam.d/system-password{,.orig} && +cat > /etc/pam.d/system-password << "EOF" +<literal># Begin /etc/pam.d/system-password + +# check new passwords for strength (man pam_pwquality) +password required pam_pwquality.so authtok_type=UNIX retry=1 difok=1 \ + minlen=8 dcredit=0 ucredit=0 \ + lcredit=0 ocredit=0 minclass=1 \ + maxrepeat=0 maxsequence=0 \ + maxclassrepeat=0 geoscheck=0 \ + dictcheck=1 usercheck=1 \ + enforcing=1 badwords="" \ + dictpath=/lib/cracklib/pw_dict +# use sha512 hash for encryption, use shadow, and use the +# authentication token (chosen password) set by pam_pwquality +# above (or any previous modules) +password required pam_unix.so sha512 shadow use_authtok + +# End /etc/pam.d/system-password</literal> +EOF +</userinput></screen> + + </sect2> + <sect2 role="content"> <title>Contents</title> Modified: trunk/BOOK/postlfs/security/linux-pam.xml ============================================================================== --- trunk/BOOK/postlfs/security/linux-pam.xml Mon Dec 24 13:21:18 2018 (r20871) +++ trunk/BOOK/postlfs/security/linux-pam.xml Mon Dec 24 17:15:21 2018 (r20872) 
@@ -317,14 +317,16 @@ <literal># Begin /etc/pam.d/system-password # check new passwords for strength (man pam_cracklib) -password required pam_cracklib.so type=Linux retry=3 difok=5 \ - difignore=23 minlen=9 dcredit=1 \ - ucredit=1 lcredit=1 ocredit=1 \ - dictpath=/lib/cracklib/pw_dict +password required pam_cracklib.so authtok_type=UNIX retry=1 difok=5 \ + minlen=9 dcredit=1 ucredit=1 \ + lcredit=1 ocredit=1 minclass=0 \ + maxrepeat=0 maxsequence0 \ + maxclassrepeat=0 \ + dictpath=/lib/cracklib/pw_dict # use sha512 hash for encryption, use shadow, and use the # authentication token (chosen password) set by pam_cracklib # above (or any previous modules) -password required pam_unix.so sha512 shadow use_authtok +password required pam_unix.so sha512 shadow use_authtok # End /etc/pam.d/system-password</literal> EOF</userinput></screen>
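
Review bot: In the trunk/BOOK/general.ent hunk, the new releasedate value reads "December 25rd", keeping the "rd" suffix from the old "23rd"; it should be "December 25th, &year;". The changelog.xml hunk in this same commit already writes "December 25th, 2018", so the two would then agree.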
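
Review bot: In the trunk/BOOK/introduction/welcome/changelog.xml hunk, the new entry spells the module "pam_pwqaulity"; the module that the libpwquality.xml hunk configures is pam_pwquality.so, so the entry should read "pam_pwquality". A reader searching the changelog for the module name will otherwise miss this entry.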
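
Review bot: In the trunk/BOOK/postlfs/security/libpwquality.xml hunk, the pam_pwquality.so line passes geoscheck=0, but the option documented in pam_pwquality(8) is gecoscheck, so this token is not a recognised option and should be gecoscheck=0. Separately, this line sets difok=1 and minlen=8 while the pam_cracklib.so line in the linux-pam.xml hunk keeps difok=5 and minlen=9; since the paragraph presents the module as a functional replacement, a sentence noting that the values differ would help readers who expect the same policy after switching.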
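
Review bot: In the trunk/BOOK/postlfs/security/linux-pam.xml hunk, the added continuation line has maxsequence0 with no "=", unlike maxrepeat=0 and maxclassrepeat=0 next to it, so it will not be parsed as the maxsequence option; it should be maxsequence=0. The hunk also changes retry from 3 to 1, which the log message does not mention and which deserves a word in the changelog entry.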