Quick question to see what the community does for V-73159 (retry=3 on pam_pwquality.so line)
It was brought to my attention that my internal STIG documentation was setting the following in /etc/pam.d/system-auth password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= But, the V-73159 fix text was using the “required” keyword instead of the “requisite”. I think the default line in system-auth, before being secured, uses “requisite”. So, I left it alone and simply made sure the retry=3 was set. It is my understanding from the man pam.conf page that the requisite key is similar to required but immediately returns the failure, that is, it is more strict than the “required” keyword. Is the fix text example in V-73159 just that, an example? Or is it a hard/fast rule to pass the STIG check with auditors to match the fix text? Thanks in advance Robert
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
