HPE Community
Operating System - Linux
1820643 Members
1956 Online
109626 Solutions
New Discussion юеВ

Re: Linux Password Policy

 
SOLVED
Go to solution
yyghp
Super Advisor

тАО05-06-2005 03:04 AM

тАО05-06-2005 03:04 AM

Linux Password Policy

How to change the linux password policy to be less restriction ?

When I want to change the password for regular user, it shows me:

BAD PASSWORD: is too simple
New password:
BAD PASSWORD: it's WAY too short
...

Because it's a testing server, no security issue here needs to be concerned, the user can use the password like "abc" or "123".

Thanks !
0 Kudos
Reply
6 REPLIES 6
Florian Heigl (new acc)
Honored Contributor

тАО05-06-2005 03:50 AM

тАО05-06-2005 03:50 AM

Re: Linux Password Policy

look, I honestly don't want to help You change that. It's always just test servers, test accounts and test sites that are used to break into people's sites and feel comfy inside.

for a good and easy password generator, check out the Advanced Password Generator 'apg', I won't stop You from keeping the passwords in a binder, but I really can't find any difference in using 123 or Gesw53!AA\ as a password except the number of letters.
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Reply
yyghp
Super Advisor

тАО05-06-2005 06:08 AM

тАО05-06-2005 06:08 AM

Re: Linux Password Policy

because I was asked to setup users who are working in the warehouse and prefer to use 4 digit numbers as password.

where's "apg" ? I couldn't find it from my Red Hat Enterprise Linux 3.
Thanks !

0 Kudos
Reply
Florian Heigl (new acc)
Honored Contributor

тАО05-06-2005 09:33 AM

тАО05-06-2005 09:33 AM

Re: Linux Password Policy

hehe - warehouse spells 'easy terminal access' to me, but I'll shut up and put paranoia aside:

the rpm's here should work for You:
http://dag.wieers.com/packages/apg/

a small example:

vault:/home/floh$ apg -m 4 -x 4 -a 0
Quom
liv2
utdo
Haf2
Fons
ukgi
(this was the 'pronouncable' mode)

vault:/home/floh$ apg -m 4 -x 4 -a 1
T5fu
+u.y
FjGr
LjtO
AUy~
W)cp
(and this wasn't)

vault:/home/floh$ apg -m 4 -x 4 -a 1 -M n
0548
6928
7237
7693
6676
8916
(and this finally get's You quite random 4-digit numbers, which will hopefully make people keep them a bit safer)

yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-06-2005 10:56 AM

тАО05-06-2005 10:56 AM

Re: Linux Password Policy

Linux uses a version of crack to test password complexity. It prvents regular users from using dictionary words and such.

That package may be able to be removed from your system.

You can violate the normal password rules by having root user or an operator with sudo capability set the passwords manually.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Ermin Borovac
Honored Contributor

тАО05-06-2005 05:35 PM

тАО05-06-2005 05:35 PM

Solution

Re: Linux Password Policy

This is really not recommended, but here's how to change it.

Minimum password length you can have is 6 characters. This limit is hardcoded into pam_cracklib module.

To allow simple 6 character passwords (e.g. abc123) modify /etc/pam.d/system-auth as descibed below.

Change

password requisite /lib/security/$ISA/pam_cracklib.so retry=3

to

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=6 dcredit=0 ucredit=0 ocredit=0 lcredit=0 difok=0

There's good documentation about PAM modules in /usr/share/doc/pam-/txts/README.pam_
Reply
Bejoy C Alias
Respected Contributor

тАО05-08-2005 10:28 PM

тАО05-08-2005 10:28 PM

Re: Linux Password Policy

If you dont want to do more cracking it is better to change the user passwords by root himself ( as it is a testing server )
Be Always Joy ......
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.