Reuben D. Budiardja wrote:
Hello,
Is there any way I can enforce so that the length of user's password is at least 8 characters?
For example, I can create initial passwords for my users. But then if they decide to change it using 'passwd' command, how do I enforce it that it has to be longer than 8 chars ?
My second question would be, how to ban user from changing their password? Should I remove the 'passwd' binary (or make it only executable by root.. to be less exterme <g> ) ? (This is only for specific machine where I don't want user to play around with their password for security purposes).
Thanks RDB
What you want to do is control this via cracklib module for the passwd PAM file. There are a variety of switches which cracklib will take that control password length, variation of characters etc. Specifically, the minlen="x" will force a minimum length on passwords.
Additionally, you will need to take into account the various default credits which are given for specific characters and perhaps alter their default value.
Since you wish to use passwords longer than 8 characters, make sure you are using md5 passwords and not crypt passwords. Crypt will only encrypt or obscure the first 8 characters of a password in /etc/shadow, thus effectively limiting the password length. md5 limits are much higher.
More info. can be found in any PAM guide.
Concerning not allowing users to change their passwords, this is in general a bad idea, instead I would concentrate on controlling the password usage, and how often they can be changed. Take a look at /etc/login.defs
--
-David Goode
Check Point Software
Solutions Center
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
