Offline David and I have discovered that the fact pam_unix is compiled with cracklib support by redhat so the default stack is being checked by libcrack twice. His workaround for now is to use pam_pwdb. I'm itching to release 0.73. So those out there who maintain their own trees, be prepared to synch up. Sourceforce is up to date with all I plan to include in this release, bar some 'make release' code. Cheers Andrew David Homer wrote: > > Hello, > > I have purchased RedHat 7 standard and Im having problems with PAM (I spoke > to Michael) see below for our conversation and he suggested I speak to > you... > > Basically I want to use WU IMAP but this uses PAM which is too good! I need > to be able for users to set simple passwords (this is for schools) without > the usual password length and dictionary checks... > > I tried removing the pam_cracklibs line from /etc/pam.d/system-auth but with > no luck (see conversation below) > > Any ideas? The council is about to bin this project in exchange from M$ > Proxy and Exchange server if I dont get it sussed this week... > > Thanks loads, > > Dave > > >From: "Michael K. Johnson" <johnsonm@redhat.com> > >To: "David Homer" <davidhomer@hotmail.com> > >Subject: Re: Security PAM Problem > >Date: Wed, 29 Nov 2000 13:40:41 -0500 > > > > > >I gave you another contact; pam-list@redhat.com is better than asking > >any one person. I haven't personally been involved in PAM for a few > >years. That doesn't mean that no one at Red Hat has any idea. I > >am just in a completely different group and it's not what I specialize > >in any more. > > > >michaelkjohnson > > > > "He that composes himself is wiser than he that composes a book." > > Linux Application Development -- Ben Franklin > > http://people.redhat.com/johnsonm/lad/ > > > > > >"David Homer" writes: > > >Oh man! You're from RedHat and you dont know... This is not good - is > >there > > >anyone else at RedHat that might know about this > > > > > >This is basically going to get my project binned and Linux scrapped > >totally > > >from being used in the schools if I dont sort this THIS WEEK! > > > > > >Please any other contacts or anything will be much appreciated!!!! > > > > > > > > >Thanks again > > > > > > > > >Dave > > > > > > > > > > > > > > >>From: "Michael K. Johnson" <johnsonm@redhat.com> > > >>To: "David Homer" <davidhomer@hotmail.com> > > >>Subject: Re: Security PAM Problem > > >>Date: Wed, 29 Nov 2000 12:13:40 -0500 > > >> > > >> > > >>Then I'm not sure; pam_unix might be doing its own checks. I haven't > > >>touched pam for a while... pam-list is probably a better place to > > >>ask. > > >> > > >>michaelkjohnson > > >> > > >> "He that composes himself is wiser than he that composes a book." > > >> Linux Application Development -- Ben Franklin > > >> http://people.redhat.com/johnsonm/lad/ > > >> > > >> > > >>"David Homer" writes: > > >> >Hey thanks for the reply! > > >> > > > >> >I am using RedHat 7 and the version of PAM that came with RedHat7 > > >> > > > >> >The file that is used system-auth - I have edited the system-auth file > > >>and > > >> >commented out the pam_craclib line and now the first time I put a > > >>password > > >> >in it doesnt check it but it then asks for the password to be > >confirmed > > >>and > > >> >the usual rules kick in and the password is rejected based on size, > > >> >dictionary check etc etc > > >> > > > >> >Am I missing something here > > >> > > > >> > > > >> >PS I also removed the pam_cracklib.so file so its not using it... > > >> > > > >> > > > >> >Thanks > > >> > > > >> > > > >> >Dave > > >> > > > >> > > > >> > > > >> > > > >> >>From: "Michael K. Johnson" <johnsonm@redhat.com> > > >> >>To: "David Homer" <davidhomer@hotmail.com> > > >> >>Subject: Re: Security PAM Problem > > >> >>Date: Wed, 29 Nov 2000 10:04:55 -0500 > > >> >> > > >> >> > > >> >>/etc/pam.d/passwd or system-auth (depending on version) > > >> >>remove or comment out the pam_cracklib line. > > >> >> > > >> >>"David Homer" writes: > > >> >> >Hello, > > >> >> > > > >> >> > > > >> >> >Sorry to bother you but I have a problem with PAM in that it gives > >too > > >> >>much > > >> >> >security and I've seen that you deal with PAM. > > >> >> > > > >> >> > > > >> >> > > > >> >> >I need users to be able to change their password to a simple four > > >>letter > > >> >>or > > >> >> >more word with no dictionary checks etc... (This is for schools > >e-mail > > >> >> >servers) > > >> >> > > > >> >> > > > >> >> > > > >> >> >I am using RedHat 7 with PAM-0.72-26 that came with it > > >> >> > > > >> >> > > > >> >> > > > >> >> >What I've done... > > >> >> > > > >> >> >I have edited /etc/pam.d/system-auth and commented out the > > >> >>pam_cracklib.so > > >> >> >line and when you put the new password in its ok but when you are > > >>asked > > >> >>to > > >> >> >reenter password the normal check applies and the passwords are > > >>rejected > > >> >>by > > >> >> >length, dictionary check and not enough different characters etc > >etc > > >> >> > > > >> >> > > > >> >> >How can I stop these checks for new user passwords? > > >> >> > > > >> >> > > > >> >> >Any help would be great! > > >> >> > > > >> >> > > > >> >> >Thanks > > >> >> > > > >> >> > > > >> >> >Dave > > >> >> > > > >> >> > > > >> >> > > >> > > >_____________________________________________________________________________________ > > >> >> >Get more from the Web. FREE MSN Explorer download : > > >> >>http://explorer.msn.com > > >> >> > > > >> >> > > >> > > > >> > > >_____________________________________________________________________________________ > > >> >Get more from the Web. FREE MSN Explorer download : > > >>http://explorer.msn.com > > >> > > > >> > > > > > >_____________________________________________________________________________________ > > >Get more from the Web. FREE MSN Explorer download : > >http://explorer.msn.com > > > > > > > _____________________________________________________________________________________ > Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list
