Re: pam_cracklib password length problem

["Scott Gentry" <sgentry6@xxxxxxxxx>]

Are you attempting to change the password as root?  If so cracklib doesn't check length or any of the other parameters in that line from what I recall.  If you need passwords by root to be verified I suggest that you check out the Openwall project.  Specifically the passwdqc module that they provide:

http://www.openwall.com/passwdqc/

It allows for much more stringent rules to be followed.

On 4/26/07, k03fra-pam@xxxxxxxx <k03fra-pam@xxxxxxxx> wrote:

I have been attempting enable pam_cracklib to check the minimum password length.
Therefore I've added minlen=10 to the cracklib line of the password section of /etc/pam.d/system-auth of a asterisk@home/CentOS3 installation. All other lines are unchanged.

#%PAM-1.0
#This file ......
...
password     required    /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10
password     sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password     required    /lib/security/$ISA/pam_deny.so

Still passwords with a minimum of 6 characters are accepted. If I change retry to 5, 5 retries are possible. This tell me I must be editing the correct file.
I'm sure something is missing but after searching the web I still can't figure out what it is.

---

Heute schon einen Blick in die Zukunft von E-Mails wagen? Versuchen Sie´s mit dem neuen Yahoo! Mail.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list