search for: difok

...ISA/pam_succeed_if.so uid < 100 quiet >account required /lib/security/$ISA/pam_permit.so #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Changed to 15 character length password password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Remember the last 15 passwords password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow rem...

CentOS-6.6 Is there any command line program that determines and reports what pam_cracklib.so returns for a given password; subject to variation in the command line options and values provided? For example, assuming a cli driver program called cli_driver_pgm: cli_driver_pgm pam_cracklib.so difok=8 minlen=14 dcredit=3 ucredit=3 lcredit=3 ocredit=3 minclass=2 maxrepeat=3 maxsequence=3 reject_username gecoscheck -- somepassword -> pam_cracklib calculated minlen value for somepassword My Google-fu appears to have deserted me. -- *** E-Mail is NOT a SECURE channel ***...

...d entry for user %s.", user ); return PAM_USER_UNKNOWN; } I don't think there should be any difference between these two bits of code (and I've not yet tested it) but I don't understand why this is failing... password requisite pam_cracklib.so retry=3 minlen=6 difok=3 debug password [user_unknown=ignore success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_ldap.so use_first_pass password required pam_unix.so use_first_pass nullok md5 debug password [user_unknown=ignore success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_smbpass.so use_f...

...usr/local/sbin. I added the following line to my smb.conf file: check password script = /usr/local/sbin/crackcheck Edited /etc/pam.d/common-password to look like this: password required pam_unix.so nullok obscure min=4 max=8 md5 password required pam_cracklib.so retry=3 minlen=6 difok=3 password required pam_unix.so use_authtok nullok md5 Restarted Samba and tried to change my password from a Windows box and smbpasswd. I get this error when using smbpasswd: machine 127.0.0.1 rejected the (anonymous) password change: Error was : Password restriction. Failed to change...

Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial? Thanks in advance Regards Israel

A non-root user is trying to change their password but cannot because of the message: BAD PASSWORD: it is based on a dictionary word They swear its not true. Anyways, I was just curious where (if anywhere) the config file lies for this functionality. Do you know? -mike

...pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so password requisite pam_cracklib.so type= retry=3 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=0 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_ldap.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required...

...required pam_shells.so account requisite pam_noulogin.so account required pam_unix.so session required pam_unix.so session required pam_limits.so session optional pam_motd.so # [1] session optional pam_mail.so standard # [1] password required pam_cracklib.so retry=3 minlen=8 difok=3 password required pam_unix.so use_authtok nullok md5 system is Debian 3.0 source to my pam_noulogin module is at penguinppc.org/~eb/pam-noulogin/ this module has also been tested with plain login, and works just as it should. source is available at http://penguinppc.org/~eb/files/pam-noulog...

Hello all, Can anyone please help out with configuring PAM? I've checked a couple of tutorials online.. though most of them are related to Login though I want to set PAM up for SSH logins... I've set the max erroneous logins to just THREE and even after trying to login with an error pass I still can get in... also is there a way I could enable the PAM module which uses crack library to

...ss.so nodelay smbconf=/etc/samba/smb.conf system-auth auth required pam_env.so auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so auth optional pam_smbpass.so migrate account required pam_unix.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so password required pam_smbpass.so nullok use_authok try_first_pass session required pam_limits.so session required pam_env.so session required pam_uni...

...m_env.so auth sufficient pam_pgsql.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so account sufficient pam_pgsql.so account sufficient pam_unix.so account required pam_deny.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_pgsql.so password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so The problem is that if I try to authenticate...

...pam_env.so auth sufficient pam_pgsql.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so account sufficient pam_pgsql.so account sufficient pam_unix.so account required pam_deny.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_pgsql.so use_first_pass password required pam_deny.so session required pam_limits.so session required pam_unix.so /etc/samba/smb.conf: workgroup...

...4. /etc/pam.d/common-account account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so account [success=1 default=ignore] pam_ldap.so account requisite pam_deny.so account required pam_permit.so 5. /etc/pam.d/common-password password requisite pam_cracklib.so retry=3 minlen=8 difok=3 password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass password requisite pam_deny.so password required pam_permit.so password optional pam_smbpass.so nullok use_au...

Hi Everybody, maybe we are just too stupid, but for me it seems that there is some problem with holding passwords completely sync between *NIX-world and WIN-world when I use LDAP & Samba. If a user changes a password under Windows, with "passwd chat" the *NIX-Password (attribute: userPassword) can be changend very well besides the both Samba-LDAP-attributes lmPassword and

...ed pam_winbind.so debug My /etc/pam.d/system-auth file: auth required pam_nologin.so auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth required pam_deny.so account required pam_unix.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_quota_xfs.so bsoftlimit=719688 bhardlimit=719688 session required pam_mkhomedir.so sk...

...hat this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth sufficient pam_winbind.so auth required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from ot...

...pam_deny.so auth required pam_permit.so > # cat /etc/pam.d/common-password|egrep -v '^#|^$' root at pdc:~# cat /etc/pam.d/common-password|egrep -v '^#|^$' password requisite pam_cracklib.so reject_username retry=3 minlen=18 difok=3 maxrepeat=2 minclass=4 lcredit=0 ucredit=2 dcredit=1 ocredit=1 password required pam_pwhistory.so use_authtok enforce_for_root remember=5 password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 password [success...

I have been ready everything I can regarding this setup but am having a problem that I am unsure of. I am unable to authenticate any user despite the following commands working: %> getent passwd <username> %> wbinfo -u %> wbinfo -g With the getent passwd I am able to see all of my UID/GID being mapped via winbdind to the rid of the domain user account. This command fails: %>

We have a small Ubuntu 9.10 file server in a large Win 2003/2008 domain. There is no X nor web browser in the server. I have rights to join machines to the domain, but I'm not an Administrator There is about 10 users in this server, who want to authenticate with domain passwords when they mount their home directories to WindowsXP workstations. The ssh passwords should be local and separated

...quired pam_unix.so account sufficient pam_succeed_if.so uid < 100 quiet account sufficient pam_stack.so service=krb5-secdom account required pam_permit.so password requisite pam_cracklib.so retry=3 type=local minlen=7 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3 difignore=15 password sufficient pam_unix.so md5 shadow nullok use_authtok remember=24 password sufficient pam_stack.so service=krb5-secdom password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [succes...