
Password Complexity Question

 
Jeff Ohlhausen
Frequent Advisor

Hi,
We are changing lots of passwords to comply with password complexity requirements. However, I know there are certain characters which are not acceptable for O/S users. In fact, in the passwd man page there is the following statement:
Care must be taken not to include the system default erase or kill characters. passwd will reject any password which is not suitably complex.

Can anyone tell me:
a) what those characters are
b) evidence to support this

Thanks
Jeff
Do or do not - there is no try.
Rick Garland
Honored Contributor

Re: Password Complexity Question

A couple of these special characters are * and !.

Linux uses the /etc/shadow file to store the passwds. An example of the * character is that it is used to denote a disabled/locked acct.

An example of the ! character is if you use the commands 'passwd -l' or 'usermod -L'. This will place the ! character in front of the encrypted passwd effectively locking/disabling the acct.

There is also the configuration of the pam module that will allow/disallow certain characters. You can define this to be loose or tight, however you want.

With the pam_cracklib module you can enforce various restrictions.
Ross Minkov
Esteemed Contributor

Re: Password Complexity Question

Jeff,

Read the Linux-PAM System Administrators' Guide by Andrew G. Morgan at:

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html

-Ross
Jeff Ohlhausen
Frequent Advisor

Re: Password Complexity Question

Everyone,
Thank you for your help so far but we still haven't really answered the original question.
1. Where can I get a list of 'bad' characters
Thanks
Jeff
Do or do not - there is no try.
Ranjith_5
Honored Contributor
Solution

Re: Password Complexity Question

Hi Jeff,

The other 2 cases of special case characters are "@" and "#". But the problem only occurs when you use a telnet session. In an SSH session none of these characters causes problems. In a telnet session you can use "\" just before "@" or "#". Normally in other Unixes I haven't faced problems with the "!" character. "!" is found to be taken as a normal character, but not the other two. For example, assume your password is P@ssw0rd!23.
Here you can disable the special case of "@" by using "P\@ssw0rd!23".

I have tried this in HP-UX.


Regards,
Syam
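
The check the man page warning and the last answer point at, as an added example that is not part of any post in this thread: read the terminal's erase and kill characters from `stty -a` output and report which characters of a candidate password the line discipline would consume. The `stty -a` text is a constructed sample with erase set to "#" and kill set to "@", and the function names are hypothetical.

```python
import re

# Constructed sample of `stty -a` output (not captured from a real host):
# erase is "#" and kill is "@", the two characters named in the answer above.
SAMPLE_STTY = """speed 9600 baud; rows 24; columns 80; line = 0;
intr = ^C; quit = ^\\; erase = #; kill = @; eof = ^D; eol = <undef>;
"""

def decode_cc(token):
    """Turn stty notation (#, ^U, ^?, <undef>) into the actual character."""
    if token in ("<undef>", "undef"):
        return None
    if token == "^?":
        return "\x7f"                            # DEL
    if len(token) == 2 and token[0] == "^":
        return chr(ord(token[1].upper()) ^ 0x40)  # ^H -> 0x08, ^U -> 0x15
    return token if len(token) == 1 else None

def line_edit_chars(stty_output):
    """Return {'erase': ch, 'kill': ch} parsed from `stty -a` text."""
    found = {}
    # \b keeps "werase" from matching as "erase"
    for name, token in re.findall(r"\b(erase|kill) = ([^;]+);", stty_output):
        ch = decode_cc(token.strip())
        if ch is not None:
            found[name] = ch
    return found

def risky_positions(password, stty_output):
    """List (index, char, role) for password characters the tty would eat."""
    roles = {ch: name for name, ch in line_edit_chars(stty_output).items()}
    return [(i, c, roles[c]) for i, c in enumerate(password) if c in roles]

if __name__ == "__main__":
    # On a live terminal, feed in the real output of `stty -a` instead.
    for hit in risky_positions("P@ssw0rd!23", SAMPLE_STTY):
        print(hit)   # "!" is not reported; only the kill character is
```

With control-character settings such as `erase = ^?; kill = ^U;` the same password produces no hits, since neither character is printable.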