- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: how to disable complex password
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-02-2004 06:36 AM
тАО12-02-2004 06:36 AM
OS: rhl 9.0, FC2
Ordinary users have to provide complex password if they want to change/set their password.
How can I disable the complex password feature, so that ordinary users can set/change their password by providing simple/dictionary based password.
In short I want to enable dictionary-based or simple password.
Regards
Maaz
P.S. We dont have any security needs.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-02-2004 02:20 PM
тАО12-02-2004 02:20 PM
Re: how to disable complex password
I want my linux systems accept simple/dictionary-based password, from ordinary users, if they(ordinary users) wana change their password.
Regards
Maaz
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-02-2004 02:29 PM
тАО12-02-2004 02:29 PM
SolutionEdit your /etc/pam.d/passwd. The line that starts with 'password' is significant.
password required pam_stack.so service=system-auth
Replace the line with
password required pam_unix.so nullok md5 shadow
Now users should be able to choose 'simple' passwords (minimum length 6 characters).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2004 06:12 AM
тАО12-03-2004 06:12 AM
Re: how to disable complex password
If u or anyone can plz explain what does the following line means ?
password required pam_unix.so nullok md5 shadow
Regards
Maaz
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2004 08:47 AM
тАО12-03-2004 08:47 AM
Re: how to disable complex password
pam_unix now comes as one module pam_unix.so.
The following links are left for compatibility with old versions:
pam_unix_auth: authentication module providing
pam_authenticate() and pam_setcred() hooks
pam_unix_sess: session module, providing session logging
pam_unix_acct: account management, providing shadow account
managment features, password aging etc..
pam_unix_passwd: password updating facilities providing
cracklib password strength checking facilities.
The following options are recognized:
debug - log more debugging info
audit - a little more extreme than debug
use_first_pass - don't prompt the user for passwords
take them from PAM_ items instead
try_first_pass - don't prompt the user for the passwords
unless PAM_(OLD)AUTHTOK is unset
use_authtok - like try_first_pass, but * fail * if the new
PAM_AUTHTOK has not been previously set.
(intended for stacking password modules only)
not_set_pass - don't set the PAM_ items with the passwords
used by this module.
shadow - try to maintian a shadow based system.
md5 - when a user changes their password next,
encrypt it with the md5 algorithm.
bigcrypt - when a user changes their password next,
excrypt it with the DEC C2 - algorithm(0).
nodelay - used to prevent failed authentication
resulting in a delay of about 1 second.
nis - use NIS RPC for setting new password
remember=X - remember X old passwords, they are kept in
/etc/security/opasswd in MD5 crypted form
broken_shadow - ignore errors reading shadow information for
users in the account management module
invalid arguments are logged to syslog.
Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2004 10:43 AM
тАО12-03-2004 10:43 AM
Re: how to disable complex password
/etc/pam.d/passwd
password required pam_stack.so service=system-auth
The previous line refers /usr/bin/passwd command to use lines starting with 'password' in /etc/pam.d/system-auth file.
/etc/pam.d/system-auth
password required pam_cracklib.so retry=3 type=
password required pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
Line containing pam_cracklib is responsible for strong password checking. Module pam_unix.so can also do some very basic password checks.
In my suggestion I have forced password command to use pam_unix.so module for password checking, which allows users to select simple passwords.
Hope that clears it up a bit.
Check directory /usr/share/doc/pam-*/txts on your RHL/FC system for more information.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2004 01:35 PM
тАО12-03-2004 01:35 PM
Re: how to disable complex password
Once again, Thanks a Million.
Regards
Maaz