> Date: Tue, 14 Jul 2009 15:47:03 +0300
> From: a bv <vbavbalist@xxxxxxxxx>
> Subject: Re: Setting a password policy
> To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
> Message-ID:
>   <525320ef0907140547x61f6ea79hde4dd7d49b88e2ed@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi
>
> I'm trying to set password policies on my Redhat EL 3,4,5 boxes. I use
> the http://brandonhutchinson.com/wiki/Linux_Password_Policy link and
> also found your http://sial.org/howto/linux/pam_tally/ .
>
> For the /var/log/faillog part I've found that there is already a file
> at a Redhat 5 (with a size), but it doesn't exist on a 4 box. So I created
> it on Redhat 4 as given, but the log file size is 0. Also when I try
> to cat or more the faillog file on 5 box which has a size, it brings
> nothing.
> So how can I make the system log the failed attempts?
>
> Regards
>
> 2009/7/3, Daniel Carrillo <daniel.carrillo@xxxxxxxxx>:
> > 2009/7/3 a bv <vbavbalist@xxxxxxxxx>:
> >> Hi list,
> >>
> >> I'm in need of setting a password policy on some Redhat EL 3,4,5 x.
> >> I'm giving the policy below and I'm asked if this is possible and,
> >> if so, how.
> >>
> >> -Passwords to change 90 days instead of 180
> >> -Password change must be forced by the system
> >
> > As root:
> > $> chage -M 90 user_login
> >
> >> -Password length must be at least 6 characters long
> >> -Last 3 passwords to be remembered by the system and don't let these
> >> be used at the password change
> >> - When 6 failed logon attempts occur, the system to lock that ID/user
> >> -Complexity (optional)
> >
> > This behaviour (and something else) is managed by pam modules:
> >
> > http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-pam.html
> >
> > Hope this helps.
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 14 Jul 2009 14:57:28 +0200
> From: Daniel Carrillo <daniel.carrillo@xxxxxxxxx>
> Subject: Re: Setting a password policy
> To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
> Message-ID:
>   <a8dd8ba40907140557u2dc07632y2ee5a5e531fb4218@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2009/7/14 a bv <vbavbalist@xxxxxxxxx>:
> > Hi
> >
> > I'm trying to set password policies on my Redhat EL 3,4,5 boxes. I use
> > the http://brandonhutchinson.com/wiki/Linux_Password_Policy link and
> > also found your http://sial.org/howto/linux/pam_tally/ .
> >
> > For the /var/log/faillog part I've found that there is already a file
> > at a Redhat 5 (with a size), but it doesn't exist on a 4 box. So I created
> > it on Redhat 4 as given, but the log file size is 0. Also when I try
> > to cat or more the faillog file on 5 box which has a size, it brings
> > nothing.
> > So how can I make the system log the failed attempts?
>
> I'm not sure I understand you. But you can see the failed logins in
> /var/log/secure
>
> Hope this helps.
>
>
>
> ------------------------------

Most everything password is handled by PAM. Each version of RHEL has a
different version of PAM. As with most software, the features changed
over time. More than likely the version of PAM for RHEL3 will not do
most of what you want.

In RHEL4 you have to manually set up the pam tally features, including
putting the faillog file in /var/log. Once the pam tally entries are
made and successfully tested, there will be entries in the faillog file.

While /var/log/secure and /var/log/messages will report on failed login
attempts, the /var/log/faillog file is where the locking of the accounts
is managed.
If you set it up to lock an account after 5 failed attempts, it's here
that information is kept and will lock the user account. It is here
that you unlock the user account. The faillog file is not an ASCII text
file and cannot be managed as such.

There is a PAM Red Hat list where the archives speak to many of your
questions with details, and you will receive more informed responses to
your posts.

Patti Clark - RHCT, GSEC
Sr. Linux/UNIX System Administrator
Office of Scientific and Technical Information
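
Added example, not part of the original thread: a reader for the binary faillog file described in the reply above, where each UID owns one fixed-size slot and untouched slots are zero bytes, which is why a file with a size shows nothing under cat. The record layout (struct faillog as declared in shadow-utils' faillog.h, little-endian x86), the helper names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Assumed record layout: struct faillog from shadow-utils' faillog.h
#   short fail_cnt; short fail_max; char fail_line[12];
#   time_t fail_time; long fail_locktime;
# Little-endian x86 assumed; time_t and long are 4 bytes on 32-bit, 8 on 64-bit.
LAYOUTS = {32: struct.Struct("<hh12sii"), 64: struct.Struct("<hh12sqq")}


def parse_faillog(data, bits=64):
    """Return {uid: record} for every UID slot that is not all zero bytes."""
    rec = LAYOUTS[bits]
    found = {}
    for uid in range(len(data) // rec.size):
        raw = data[uid * rec.size:(uid + 1) * rec.size]
        if not any(raw):
            continue  # zero-filled slot: no failure recorded for this UID
        cnt, fmax, line, when, lock = rec.unpack(raw)
        found[uid] = {
            "fail_cnt": cnt,
            "fail_max": fmax,
            "fail_line": line.split(b"\0", 1)[0].decode("ascii", "replace"),
            "fail_time": when,
            "fail_locktime": lock,
        }
    return found


def over_limit(records, deny):
    """UIDs whose tally exceeds deny (assumption: lock when count > deny)."""
    return sorted(uid for uid, r in records.items() if r["fail_cnt"] > deny)


def build_sample(bits=64):
    """Constructed sample, not a real log: UID 500 has 7 failures, UID 501 has 2."""
    rec = LAYOUTS[bits]
    data = bytearray(rec.size * 502)  # slots 0..501, zero-filled
    rec.pack_into(data, 500 * rec.size, 7, 0, b"ssh", 1247575623, 0)
    rec.pack_into(data, 501 * rec.size, 2, 0, b"tty1", 1247576248, 0)
    return bytes(data)


if __name__ == "__main__":
    records = parse_faillog(build_sample())
    for uid, r in sorted(records.items()):
        print(uid, r["fail_cnt"], r["fail_line"], r["fail_time"])
    print("over deny=6:", over_limit(records, 6))
```

On a real system, pass the bytes of /var/log/faillog and the word size of the host that wrote it; a wrong word size shifts every slot and produces nonsense counts.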