topic Re: Linux Password Policy in Operating System - Linux

Linux Password Policy

yyghp — Fri, 06 May 2005 10:04:45 GMT

How to change the linux password policy to be less restriction ?

When I want to change the password for regular user, it shows me:

BAD PASSWORD: is too simple
New password:
BAD PASSWORD: it's WAY too short
...

Because it's a testing server, no security issue here needs to be concerned, the user can use the password like "abc" or "123".

Thanks !

Re: Linux Password Policy

Florian Heigl (new acc) — Fri, 06 May 2005 10:50:17 GMT

look, I honestly don't want to help You change that. It's always just test servers, test accounts and test sites that are used to break into people's sites and feel comfy inside.

for a good and easy password generator, check out the Advanced Password Generator 'apg', I won't stop You from keeping the passwords in a binder, but I really can't find any difference in using 123 or Gesw53!AA\ as a password except the number of letters.

Re: Linux Password Policy

yyghp — Fri, 06 May 2005 13:08:44 GMT

because I was asked to setup users who are working in the warehouse and prefer to use 4 digit numbers as password.

where's "apg" ? I couldn't find it from my Red Hat Enterprise Linux 3.
Thanks !

Re: Linux Password Policy

Florian Heigl (new acc) — Fri, 06 May 2005 16:33:38 GMT

hehe - warehouse spells 'easy terminal access' to me, but I'll shut up and put paranoia aside:

the rpm's here should work for You:
http://dag.wieers.com/packages/apg/

a small example:

vault:/home/floh$ apg -m 4 -x 4 -a 0
Quom
liv2
utdo
Haf2
Fons
ukgi
(this was the 'pronouncable' mode)

vault:/home/floh$ apg -m 4 -x 4 -a 1
T5fu
+u.y
FjGr
LjtO
AUy~
W)cp
(and this wasn't)

vault:/home/floh$ apg -m 4 -x 4 -a 1 -M n
0548
6928
7237
7693
6676
8916
(and this finally get's You quite random 4-digit numbers, which will hopefully make people keep them a bit safer)

Re: Linux Password Policy

Steven E. Protter — Fri, 06 May 2005 17:56:21 GMT

Linux uses a version of crack to test password complexity. It prvents regular users from using dictionary words and such.

That package may be able to be removed from your system.

You can violate the normal password rules by having root user or an operator with sudo capability set the passwords manually.

SEP

Re: Linux Password Policy

Ermin Borovac — Sat, 07 May 2005 00:35:00 GMT

This is really not recommended, but here's how to change it.

Minimum password length you can have is 6 characters. This limit is hardcoded into pam_cracklib module.

To allow simple 6 character passwords (e.g. abc123) modify /etc/pam.d/system-auth as descibed below.

Change

password requisite /lib/security/$ISA/pam_cracklib.so retry=3

to

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=6 dcredit=0 ucredit=0 ocredit=0 lcredit=0 difok=0

There's good documentation about PAM modules in /usr/share/doc/pam-/txts/README.pam_

Re: Linux Password Policy

Bejoy C Alias — Mon, 09 May 2005 05:28:12 GMT

If you dont want to do more cracking it is better to change the user passwords by root himself ( as it is a testing server )