1839157 Members
3744 Online
110136 Solutions
New Discussion

Re: User password

 
ivychung2
Frequent Advisor

User password

In the Redhat server , I will force the user change the password regularly by "chage -d0 userid", could suggest how to prevent the user use the simple password eg. 123456 ? thx.
5 REPLIES 5
Ivan Ferreira
Honored Contributor

Re: User password

Normally, the pam_cracklib is enabled and it does not allow the use of simple passwords.

Check your /etc/pam.d/system-auth file, you should have lines like this:

password requisite /lib/security/$ISA/pam_cracklib.so retry=3

Only root can force the use of simple passwords.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
ivychung2
Frequent Advisor

Re: User password

thx reply ,

I check that the setting you said is existed in my server , I found that when I use the simple password , the server will prompt me the password is too simple ( BAD PASSWORD: it is too simplistic/systematic ) but it still allow me to use this simple password , I think this only a warning message , could suggest how can I provent the user use it ? thx in advance.
Ajay Agarwal
Frequent Advisor

Re: User password

You can customize you PAM to add password integrity checkers, such as pam_passwdqc (available from http://www.openwall.com/passwdqc/) or write your own module. For a list of available PAM modules, see http://www.kernel.org/pub/linux/libs/pam/modules.html. For more information about PAM, see the chapter titled Pluggable Authentication Modules (PAM) in the Official Red Hat Linux Reference Guide.
Ajay Agarwal
Frequent Advisor

Re: User password

I would also encourage you to check out this link: http://forums1.itrc.hp.com/service/forums/helptips.do?#28 to learn about the point system of this forum.
Vitaly Karasik_1
Honored Contributor

Re: User password

>I check that the setting you said is >existed in my server , I found that when I >use the simple password , the server will >prompt me the password is too simple ( BAD >PASSWORD: it is too >simplistic/systematic ) but it still allow >me to use this simple password , I think >this only a warning message , could >suggest how can I provent the user use >it ? thx in advance.

run "passwd" as regular user and you'll see that regular user cannot set trivial password.
And for root it's just warning!