On 07/28/2010 05:46 AM, Win Htin wrote:
Hi folks,
How can I set the following;
. password complexity
. password length
. which set of words are required in the password
. automatic lockout after certain number of attempts
. check to see if the new password has been used previously
. etc ..
My experience for managing the above type of requirements was through
CA's AccessControl program only and am wondering if it can be done
with standard RHEL5 tools.
There are no "tools" for it as far as I know but it can be configured
using the PAM pam_cracklib.so module.
If you look in /etc/pam.d/system-auth you will see a line like;
password requisite pam_cracklib.so try_first_pass retry=3
By adding options to this line you can configure the password
requirements. More in `man pam_cracklib` but this as an example I use;
pam_cracklib.so try_first_pass retry=3 lcredit=0 ucredit=0 dcredit=1
ocredit=0 minlen=6 difok=3
{l,u,d,o)credit lines are for Lower, Upper, Digit, Other(symbol)
requirements. minlen and difok control the length and different from
previous password requirements. There are numerous other options
including custom dictionaries.
Probably worth reading up on PAM itself if you're planning to mess with it.
Also, anyone has experience setting up "pam_passwdqc"?
No, Sorry.
Thanks in advance,
Win
--
Tim
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
