password policies

rob.pellicaan_at_sns.nl
Date: 12/29/04


Date: 29 Dec 2004 05:29:01 -0800

Hi,

I am trying to implement several password policies on SuSE Linux:

- A user password must have a length of 8 characters
- All user passwords may not repeat more than 2 characters
- The root user password must contain at least 2 non-alphabetic
characters
- A new chosen password must at least be unchangeable for 3 days
- A password must be changed within 60 days
- The last 12 chosen passwords cannot be reused
- Users must be warned 5 days before their password expires
- A user account is locked when 3 consecutive unsuccessful login
attempts occur

Now ONLY the first item (password length) I could set (PASS_MIN_LEN 8
in /etc/login.defs)

But could anybody tell me how to set the others?

By default 'Cracklib' support is enabled (password: use_cracklib md5
nullok in /etc/pam.d/passwd).
OBSCURE_CHECKS_ENAB in the login.defs is also set to yes
But both options do not seem to help matters; when I for example try to
set a password using only lowercase characters, say 'qwertyuiopasd' (of
minimum password length), the system simply allows me without a
warning.

I also tried to specify passwd to use pam_cracklib.so (in
/etc/pam.d/passwd) instead of pam_pwcheck with the following
parameters: retry=3 debug dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
minlen=12.
Now the strange thing is that both retry=3 and debug are working fine, but the
other settings seem to be ignored on passwd. But even worse, with my
new password set, I can't login with that new password. Is there a known
bug in the cracklib module?
I am using SuSE 8.2 out of the box.

What am I doing wrong?
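
The following is an added example, not part of the original post: a small audit of the three aging requirements in the list above (3-day minimum, 60-day maximum, 5-day warning) against both the `/etc/login.defs` defaults and the per-account fields in `/etc/shadow`. The file excerpts are constructed sample data, and the function names are illustrative.

```python
# Aging requirements from the policy list in the post (days).
POLICY = {"PASS_MIN_DAYS": 3, "PASS_MAX_DAYS": 60, "PASS_WARN_AGE": 5}
# Index of the matching per-account field in a colon-separated /etc/shadow line.
SHADOW_INDEX = {"PASS_MIN_DAYS": 3, "PASS_MAX_DAYS": 4, "PASS_WARN_AGE": 5}

# Constructed sample data, not taken from a real system.
SAMPLE_LOGIN_DEFS = """\
# /etc/login.defs (excerpt)
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hash:12700:0:99999:7:::
alice:$1$constructed$hash:12780:3:60:5:::
bob:$1$constructed$hash:12780:0:60:5:::
daemon:*:12600:0:99999:7:::
"""

def failures(values):
    """Return the policy keys that a {key: int or None} mapping violates."""
    bad = []
    for key, required in POLICY.items():
        v = values.get(key)
        if key == "PASS_MAX_DAYS":
            ok = v is not None and 1 <= v <= required  # shorter lifetime is stricter
        else:
            ok = v is not None and v >= required       # longer wait or warning is stricter
        if not ok:
            bad.append(key)
    return bad

def audit_login_defs(text):
    """Check the defaults that are applied to accounts created from now on."""
    values = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] in POLICY and parts[1].isdigit():
            values[parts[0]] = int(parts[1])
    return failures(values)

def audit_shadow(text):
    """Check existing accounts: user -> violated keys. Entries with '!' or '*' hashes are skipped."""
    report = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 6 or f[1].startswith(("!", "*")):
            continue
        values = {k: int(f[i]) if f[i].isdigit() else None for k, i in SHADOW_INDEX.items()}
        if failures(values):
            report[f[0]] = failures(values)
    return report
```

The `login.defs` values are only defaults for newly created accounts; an account that already exists keeps the values in its `/etc/shadow` entry until they are changed, for example with `chage -m 3 -M 60 -W 5 <user>`.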


