Dear All, I have recently installed CentOS 5 and is workin perfect i recently download n installed poppassd daemon ver 1.6a so as to let the users to change their password but when i try to change password i get the folling error 500 'BAD PASSWORD: it is based on a dictionary word' i tried googlin arround and tried to play with system-auth-ac file in /etc/pam.d but no use my system-auth-ac is as below auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so really apprecite your help regards simon -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
On Wed, 2007-08-22 at 17:23 +0300, mailadmin at baladia.gov.kw wrote:> Dear All, > > I have recently installed CentOS 5 and is workin perfect > > i recently download n installed poppassd daemon ver 1.6a so as to let the > users to change their password > but when i try to change password i get the folling error > > 500 'BAD PASSWORD: it is based on a dictionary word' > > i tried googlin arround and tried to play with > system-auth-ac file in /etc/pam.d but no useI know nothing about poppassd, but the message you are getting is probably coming from pam_cracklib. Among other things it will check: 1. If your password is based on a dictionary word. 2. If you password is a palindrome. 3. Similarity of your new password to the previous one. 4. If your password is a reverse of the previous password. 5. etc, etc. Most of these options are non-configurable. Using longer passwords seems to suppress some of the rejections. If you don't care about enforcing password complexity look here to disable it: http://kbase.redhat.com/faq/FAQ_44_6065.shtm Otherwise try using a stronger password. -Steve