Hello, I have purchased RedHat 7 standard and Im having problems with PAM (I spoke to Michael) see below for our conversation and he suggested I speak to you... Basically I want to use WU IMAP but this uses PAM which is too good! I need to be able for users to set simple passwords (this is for schools) without the usual password length and dictionary checks... I tried removing the pam_cracklibs line from /etc/pam.d/system-auth but with no luck (see conversation below) Any ideas? The council is about to bin this project in exchange from M$ Proxy and Exchange server if I dont get it sussed this week... Thanks loads, Dave >From: "Michael K. Johnson" <johnsonm@redhat.com> >To: "David Homer" <davidhomer@hotmail.com> >Subject: Re: Security PAM Problem >Date: Wed, 29 Nov 2000 13:40:41 -0500 > > >I gave you another contact; pam-list@redhat.com is better than asking >any one person. I haven't personally been involved in PAM for a few >years. That doesn't mean that no one at Red Hat has any idea. I >am just in a completely different group and it's not what I specialize >in any more. > >michaelkjohnson > > "He that composes himself is wiser than he that composes a book." > Linux Application Development -- Ben Franklin > http://people.redhat.com/johnsonm/lad/ > > >"David Homer" writes: > >Oh man! You're from RedHat and you dont know... This is not good - is >there > >anyone else at RedHat that might know about this > > > >This is basically going to get my project binned and Linux scrapped >totally > >from being used in the schools if I dont sort this THIS WEEK! > > > >Please any other contacts or anything will be much appreciated!!!! > > > > > >Thanks again > > > > > >Dave > > > > > > > > > >>From: "Michael K. Johnson" <johnsonm@redhat.com> > >>To: "David Homer" <davidhomer@hotmail.com> > >>Subject: Re: Security PAM Problem > >>Date: Wed, 29 Nov 2000 12:13:40 -0500 > >> > >> > >>Then I'm not sure; pam_unix might be doing its own checks. I haven't > >>touched pam for a while... pam-list is probably a better place to > >>ask. > >> > >>michaelkjohnson > >> > >> "He that composes himself is wiser than he that composes a book." > >> Linux Application Development -- Ben Franklin > >> http://people.redhat.com/johnsonm/lad/ > >> > >> > >>"David Homer" writes: > >> >Hey thanks for the reply! > >> > > >> >I am using RedHat 7 and the version of PAM that came with RedHat7 > >> > > >> >The file that is used system-auth - I have edited the system-auth file > >>and > >> >commented out the pam_craclib line and now the first time I put a > >>password > >> >in it doesnt check it but it then asks for the password to be >confirmed > >>and > >> >the usual rules kick in and the password is rejected based on size, > >> >dictionary check etc etc > >> > > >> >Am I missing something here > >> > > >> > > >> >PS I also removed the pam_cracklib.so file so its not using it... > >> > > >> > > >> >Thanks > >> > > >> > > >> >Dave > >> > > >> > > >> > > >> > > >> >>From: "Michael K. Johnson" <johnsonm@redhat.com> > >> >>To: "David Homer" <davidhomer@hotmail.com> > >> >>Subject: Re: Security PAM Problem > >> >>Date: Wed, 29 Nov 2000 10:04:55 -0500 > >> >> > >> >> > >> >>/etc/pam.d/passwd or system-auth (depending on version) > >> >>remove or comment out the pam_cracklib line. > >> >> > >> >>"David Homer" writes: > >> >> >Hello, > >> >> > > >> >> > > >> >> >Sorry to bother you but I have a problem with PAM in that it gives >too > >> >>much > >> >> >security and I've seen that you deal with PAM. > >> >> > > >> >> > > >> >> > > >> >> >I need users to be able to change their password to a simple four > >>letter > >> >>or > >> >> >more word with no dictionary checks etc... (This is for schools >e-mail > >> >> >servers) > >> >> > > >> >> > > >> >> > > >> >> >I am using RedHat 7 with PAM-0.72-26 that came with it > >> >> > > >> >> > > >> >> > > >> >> >What I've done... > >> >> > > >> >> >I have edited /etc/pam.d/system-auth and commented out the > >> >>pam_cracklib.so > >> >> >line and when you put the new password in its ok but when you are > >>asked > >> >>to > >> >> >reenter password the normal check applies and the passwords are > >>rejected > >> >>by > >> >> >length, dictionary check and not enough different characters etc >etc > >> >> > > >> >> > > >> >> >How can I stop these checks for new user passwords? > >> >> > > >> >> > > >> >> >Any help would be great! > >> >> > > >> >> > > >> >> >Thanks > >> >> > > >> >> > > >> >> >Dave > >> >> > > >> >> > > >> >> > >> > >_____________________________________________________________________________________ > >> >> >Get more from the Web. FREE MSN Explorer download : > >> >>http://explorer.msn.com > >> >> > > >> >> > >> > > >> > >_____________________________________________________________________________________ > >> >Get more from the Web. FREE MSN Explorer download : > >>http://explorer.msn.com > >> > > >> > > > >_____________________________________________________________________________________ > >Get more from the Web. FREE MSN Explorer download : >http://explorer.msn.com > > > _____________________________________________________________________________________ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
