-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John O'Loughlin wrote: > > Dear All > > Does anyone know how to set up password complexity rules? I'm fairly > sure there has to be some /etc/pam.d/system-auth settings for this, I > can't find any examples. /usr/share/doc/pam-0.*/html/index.html /usr/share/doc/pam_passwdqc-*/README basically you have 2 choices - standard pam_cracklib (which takes a length arg and optional extra credit scores) pam_passwdqc which nis more complicated. read the > > Also, is NIS pam aware? If a user runs yppasswd will the pam settings > apply? Nis does not need to be PAM-aware - the local passwd command is. In fact technically just 'passwd' should be enough... (as long as the 'nis' argmuent is passed to pam_unix. This also makes things uniform - all users just use the passwd command, whether they are nis users or not. As for yppasswdd , dunno. It doesn't use PAM AFAIK the three pam lines you should have will be something like (simplified!) password requisite ...pamcracklib.so args... password sufficient pam_unix.so ... nis password required pam_deny.so so password strengths are checked *before* the NIS service and the whole 'password' group exits if the pass is not good enough. regards Stuart - -- Stuart Sears RHCA RHCX To err is human, to forgive is Not Company Policy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFEbajoamPtx1brPQ4RAranAJ48tZ5yUeblYhEo2bqkgdQ8pEZ8ngCfS19q 195yYYkzVOYKuCOKmslCkKo= =oKZU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
