Re: restrict passwords

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hello,

  Thanks for this good information. I probe it and I have a little problem: I 
cannot lock the user account.

  Log shows:
Jul 25 12:43:07 pc1 login(pam_unix)[13002]: 3 more authentication failures;
logname= uid=0 euid=0 tty=tty4 ruser= rhost=  user=prueba
Jul 25 12:43:07 pc1 login(pam_unix)[13002]: service(login) ignoring max 
retries; 4 > 3
Jul 25 12:43:11 pc1 login(pam_unix)[13003]: session opened for user prueba by 
(uid=0)

  I write a wrong password 3 times, and after I can enter in my account. Why?

  My /etc/pam.d/system-auth is now:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     required      /lib/security/pam_tally.so deny=3 no_magic_root 
reset

password    required      /lib/security/pam_cracklib.so retry=3 type= difok=2 
minlen=7
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow remember=3
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

  thanks and regards,
    rozio

El Lun 21 Jul 2003 15:48, Andrew Shewmaker ha dicho:
> Rocio Alfonso Pita wrote:
> > Hello,
> >
> >   I want to configure the users passwords so:
> >
> > - minimum ttl for password
> > - maximum ttl for password
> > - maximum repeat 2 characters
> > - user cannot repeat the 2 lastest passwords.
> > - if user fail his password for 3 times, lock his account.
> >
> >   The minimum and maximum ttl I can to configure with "passwd" or in
> > /etc/logins.defs.
>
> I found this site very helpful when I was setting up something
> similar to you.
>
> http://www.puschitz.com/Security.shtml
>
> -Andrew

-- 
Este  correo  electrónico  y  los documentos que lo acompañan pueden contener 
información reservada y/o confidencial, dirigida exclusivamente al uso del 
destinatario. Si Vd. no es el destinatario, no está autorizado a copiar o 
distribuir esta comunicación a ninguna otra persona. Si ha recibido este 
correo electrónico por error, le rogamos nos lo devuelva y lo elimine de su 
sistema. Gracias.
_____________________________________
Rocío Alfonso Pita
Dpto. Sistemas
Universal Support S.A.U.
Tlf: +34 981 779 140 ext. 6209 
Fax: +34 981 779 141
_____________________________________


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux