Re: RHEL7 How to configure password policies based on UID (ranges)

Thanks Tomas! Perfect example.

Sent from my iPad

> On 23 Feb 2017, at 9:21 PM, Tomas Mraz <tmraz@xxxxxxxxxx> wrote:
> 
>> On Thu, 2017-02-23 at 05:53 +0000, Juha A. wrote:
>> Hi,
>> 
>> 
>> I would need to configure a different password policy based on the
>> user's UID.
>> 
>> For example:
>> 
>> - UID 1000-1999: Minimum Password Length = 15, 3 different character
>> classes
>> 
>> - UID 2000-2999: Minimum Password Length = 20, 4 different character
>> classes
>> 
>> 
>> The /etc/security/pwquality.conf does not seem to have a way to
>> configure different rules based on UID, but I was also unable to get
>> system-auth/password-auth to work properly.
>> 
>> 
>> Would anyone have advice on how to achieve the above?
> 
> 
> You could configure the PAM stack so that there would be two
> pam_pwquality lines with different options and skip over them with
> pam_succeed_if modules and jumps.
> 
> Something like this: (untested, just for inspiration)
> 
> password    [success=2 default=ignore] pam_succeed_if.so uid >= 2000
> password    requisite     pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=15 minclass=3
> password    [success=1 default=ignore] pam_permit.so
> password    requisite     pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=20 minclass=4
> 
> -- 
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
>                                              Turkish proverb
> (You'll never know whether the road is wrong though.)
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
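
The jump arithmetic of the quoted stack, traced in Python as an added example (not part of the original thread and not PAM's own code). Module results are assumptions: pam_succeed_if is modelled only for "uid >= N", and pam_pwquality is assumed to accept the password.

```python
import re

# The four lines from the reply above, copied verbatim.
STACK = """\
password    [success=2 default=ignore] pam_succeed_if.so uid >= 2000
password    requisite     pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=15 minclass=3
password    [success=1 default=ignore] pam_permit.so
password    requisite     pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=20 minclass=4
"""
LINE = re.compile(r"^\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Split each PAM line into (control, module, args)."""
    entries = []
    for raw in text.splitlines():
        if raw.strip() and not raw.lstrip().startswith("#"):
            _type, control, module, args = LINE.match(raw).groups()
            entries.append((control, module, args.split()))
    return entries

def module_ok(module, args, uid):
    """Assumed module results: only the 'uid >= N' test is modelled."""
    if module == "pam_succeed_if.so":
        if args[:2] != ["uid", ">="]:
            raise ValueError("only 'uid >= N' is modelled")
        return uid >= int(args[2])
    return True  # pam_permit succeeds; pam_pwquality is assumed to accept

def jump(control, ok):
    """Lines to skip for a [value=action] control; only 'ignore' and N are modelled."""
    if not control.startswith("["):
        return 0
    actions = dict(kv.split("=", 1) for kv in control.strip("[]").split())
    action = actions["success" if ok else "default"]
    return 0 if action == "ignore" else int(action)

def reached_policies(uid, text=STACK):
    """(minlen, minclass) of each pam_pwquality line reached for this uid."""
    entries, reached, i = parse(text), [], 0
    while i < len(entries):
        control, module, args = entries[i]
        ok = module_ok(module, args, uid)
        if module == "pam_pwquality.so":
            opts = dict(a.split("=", 1) for a in args if "=" in a)
            reached.append((int(opts["minlen"]), int(opts["minclass"])))
        if control == "requisite" and not ok:
            break  # a requisite failure ends the stack immediately
        i += 1 + jump(control, ok)
    return reached
```

Because the stack tests only uid >= 2000, UIDs below 1000 reach the minlen=15 line and UIDs of 3000 and above reach the minlen=20 line.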
