https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091404#M7143 It's not exactly a 'problem', as Steven explains (hey, don't you sleep, Steven ?). <BR />By default, the system protects from weak password, from the line Vitaly quotes, if you use pam, and using cracklib as a weak password database.<BR />If you want to stop this feature, you can unactivate this check from pam module, or uninstall database (so no weak password anymore).<BR />The only thing you can do from webmin is, under pam authentification, uncheck login, such no requiring pam for login, which is definetely a bad idea.<BR /><BR />J Mon, 13 Oct 2003 04:49:46 GMT Jerome Henry 2003-10-13T04:49:46Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091397#M7136 when I install the RH linux , I 've set to use the default setting to control the user can't use a specific password eg. too simple , the word in dictionary , the password has been used previously, how can I disable this control so that users can use the password the password they want ? thx. Mon, 13 Oct 2003 01:16:20 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091397#M7136 juno2 2003-10-13T01:16:20Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091398#M7137 2 steps :<BR /><BR />- Uninstall cracklib.<BR />- Solve your points assignment issue...<BR /><BR />Tks<BR /><BR />J Mon, 13 Oct 2003 01:46:08 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091398#M7137 Jerome Henry 2003-10-13T01:46:08Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091399#M7138 thx reply,<BR /><BR />could you advise how to "Uninstall cracklib" ? is there other more simple method ? thx. Mon, 13 Oct 2003 02:08:10 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091399#M7138 juno2 2003-10-13T02:08:10Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091400#M7139 The default behavior of Red Hat Linux, from my esperience v 6-v9 is to warn the root user and prevent other users from using illegal passwords.<BR /> <BR />This is a good thing.<BR /> <BR />Anyone thats telling you to remove this functionality is telling you to make your systems insecure.<BR /> <BR />If you run crack against a password file not protected this way, it will guess passwords. I ran crack against a HP-UX non-trusted system and it guessed a dozen passwords out of 160 users.<BR /> <BR />In other words, not good.<BR /> <BR />You can the rpm command to uninstall the cracklib.<BR /><BR /> <BR />rpm -q cracklib <BR />gets you the version number. Then you can use rpm to uninstall.<BR /> <BR />I totally agree with Jerome's comments. You are a heavy user here. Please show a wee bit more respect to the community that answers your questions.<BR /> <BR />It beats paying for help right?<BR /> <BR />SEP Mon, 13 Oct 2003 02:08:58 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091400#M7139 Steven E. Protter 2003-10-13T02:08:58Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091401#M7140 thx reply,<BR /><BR />what is the impact to uninstall cracklib <BR />? it will only disable to control the password or more ? if not , is there other method to fix the problem ? Thx.<BR /><BR />sorry , i know i need to assign pts , I will do it within two days .<BR /><BR /><BR /> Mon, 13 Oct 2003 02:27:49 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091401#M7140 juno2 2003-10-13T02:27:49Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091402#M7141 instead of uninstall the cracklib , can fix the problem by the existing tools , eg. webmin or others ? thx. Mon, 13 Oct 2003 02:34:00 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091402#M7141 juno2 2003-10-13T02:34:00Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091403#M7142 to remove pam_cracklib string from /etc/pam.d/system-auth ? Mon, 13 Oct 2003 03:33:15 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091403#M7142 Vitaly Karasik_1 2003-10-13T03:33:15Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091404#M7143 It's not exactly a 'problem', as Steven explains (hey, don't you sleep, Steven ?). <BR />By default, the system protects from weak password, from the line Vitaly quotes, if you use pam, and using cracklib as a weak password database.<BR />If you want to stop this feature, you can unactivate this check from pam module, or uninstall database (so no weak password anymore).<BR />The only thing you can do from webmin is, under pam authentification, uncheck login, such no requiring pam for login, which is definetely a bad idea.<BR /><BR />J Mon, 13 Oct 2003 04:49:46 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091404#M7143 Jerome Henry 2003-10-13T04:49:46Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091405#M7144 <BR />You seem to have lot of problem with password lately, but dont turn to such drastic methode<BR />I will join the crowed and advice again it ! <BR />keep the history file active.<BR /> <BR />Dont let your user/management impose this, explain/defend to them that this is against everyone interest.<BR /> <BR />If the task of keeping up is hard and you need more information on password management, take the time to read the following link I have found this read to be time well spend.<BR /> <BR /><A href="http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-wstation-pass.html" target="_blank">http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-wstation-pass.html</A><BR /> <BR />Keep at it !<BR /> <BR />J-P<BR /> <BR />"Jolie couvre chef sir Jerome Henry" (french --&gt; means something like "nice hat on your head mylord Jerome Henry).<BR /><BR /> <BR /> Mon, 13 Oct 2003 06:18:07 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091405#M7144 Huc_1 2003-10-13T06:18:07Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091406#M7145 Also note that removing these additional checks will not solve the issues of locking when two different users try to change their passwords at the same time. Mon, 13 Oct 2003 09:22:19 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091406#M7145 Martin P.J. Zinser 2003-10-13T09:22:19Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091407#M7146 Any feed back progress /yet on this issue?<BR />still a problem?<BR /><BR />J-P<BR /> Wed, 15 Oct 2003 06:43:25 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091407#M7146 Huc_1 2003-10-15T06:43:25Z https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091408#M7147 hi juno,<BR />considering all ur past posts regarding passwd and chage i think u want password aging enabled for ur users. i also remember u saying that u have nearly 200 users.<BR />whenever a user tries to change his/her password the /etc/passwd file is locked and the lock is only released after the changes are saved. i dont think u can disable this feature or if there a workaround for it.<BR />try enabling aging for a batch of users each day so that all users dont try to do it simultaneously.<BR />or else dont enable password aging for the same number of days for all users.<BR />HTH<BR />aparna<BR /><BR />P.S. would like to know how/whenever u solve this issue.<BR /> Wed, 15 Oct 2003 07:24:24 GMT https://community.hpe.com/t5/operating-system-linux/control-the-password/m-p/3091408#M7147 aparna challagulla 2003-10-15T07:24:24Z