- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Redhat - Amending password policy
Operating System - Linux
1819794
Members
3423
Online
109607
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2008 06:34 AM
тАО08-20-2008 06:34 AM
Redhat - Amending password policy
Hi
I have a need to view / change the password policy on a number of Redhat (Red Hat Enterprise Linux ES release 4) boxes. I need to be able to enforce the following for each server using a script:
1. Minimum password 7 chars,
2. At least two alphabetic chars in password,
3. At lease one numeric char in password,
4. Old password use must be prevented.
5. Non priviledged accounts passwords to be changed every 90 days
6. Shared priviledged accounts (root) passwords to be changed every 30 days
7. Minimum Five / Recommended three unsuccessful login attempts.
Could anybody point me in the direction of tools to do this using native redhat software. ie avoiding 3rd parties ?
Thanks
I have a need to view / change the password policy on a number of Redhat (Red Hat Enterprise Linux ES release 4) boxes. I need to be able to enforce the following for each server using a script:
1. Minimum password 7 chars,
2. At least two alphabetic chars in password,
3. At lease one numeric char in password,
4. Old password use must be prevented.
5. Non priviledged accounts passwords to be changed every 90 days
6. Shared priviledged accounts (root) passwords to be changed every 30 days
7. Minimum Five / Recommended three unsuccessful login attempts.
Could anybody point me in the direction of tools to do this using native redhat software. ie avoiding 3rd parties ?
Thanks
5 REPLIES 5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2008 06:39 AM
тАО08-20-2008 06:39 AM
Re: Redhat - Amending password policy
Shalom,
I think you can do it all native.
vi /etc/login.defs
http://www.puschitz.com/SecuringLinux.shtml#EnablingPasswordAging
SEP
I think you can do it all native.
vi /etc/login.defs
http://www.puschitz.com/SecuringLinux.shtml#EnablingPasswordAging
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2008 07:28 AM
тАО08-20-2008 07:28 AM
Re: Redhat - Amending password policy
Thanks for replying. I've had a search round the interweb and found posts stating that 'login' now does not look to /etc/login.defs for params. I did find the below which states pam maybe able to do what I'm asking. I'll do some testing and post back.
Thanks again.
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
Thanks again.
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2008 10:55 AM
тАО08-20-2008 10:55 AM
Re: Redhat - Amending password policy
Yes, you must use pam_cracklib, for example, add to /etc/pam.d/system-auth
password required pam_cracklib.so retry=3 minlen=11 difok=3 lcredit=0 ucredit=1
dcredit=1 ocredit=1
password required pam_cracklib.so retry=3 minlen=11 difok=3 lcredit=0 ucredit=1
dcredit=1 ocredit=1
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-05-2008 05:11 AM
тАО09-05-2008 05:11 AM
Re: Redhat - Amending password policy
Hi, I've setup a test environment to play with PAM. Below is my edited /etc/pam.d/system-auth file. It doesn't seem to work. I've tested using passwd, ie passwd root and the system allows me to use passwords with less then 7 chars. Can anybody suggest anything ?
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 minlen=7
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 minlen=7
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-05-2008 10:10 PM
тАО09-05-2008 10:10 PM
Re: Redhat - Amending password policy
Hi wurzul
This pam restrictions doesnt apply for root and when passwd cmd is run from root for difernet user.
Try Loggin in with the user and try changing the passwd
Karthik
This pam restrictions doesnt apply for root and when passwd cmd is run from root for difernet user.
Try Loggin in with the user and try changing the passwd
Karthik
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Learn About
News and Events
Support
© Copyright 2025 Hewlett Packard Enterprise Development LP