search for: lcredit

I''m trying to change the password complexity requirements in pam.d/system-auth using augeas. I can append the values (lcredit=-1, ucredit=-1, etc) onto the correct place, but if another value is already present (i.e. lcredit=-2), the onlyif match statement doesn''t seem to support checking regular expressions inside of strings. How do I check that any numeric value exists in the argument?? define password...

...ed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_tally.so account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so minlen=8 lcredit=2 ucredit=2 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succee...

...sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet >account required /lib/security/$ISA/pam_permit.so #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Changed to 15 character length password password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Remember the last 15 passwords password sufficient /lib/security/$ISA/pam_unix.so nu...

...ine program that determines and reports what pam_cracklib.so returns for a given password; subject to variation in the command line options and values provided? For example, assuming a cli driver program called cli_driver_pgm: cli_driver_pgm pam_cracklib.so difok=8 minlen=14 dcredit=3 ucredit=3 lcredit=3 ocredit=3 minclass=2 maxrepeat=3 maxsequence=3 reject_username gecoscheck -- somepassword -> pam_cracklib calculated minlen value for somepassword My Google-fu appears to have deserted me. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:By...

Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial? Thanks in advance Regards Israel

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

...pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so password requisite pam_cracklib.so type= retry=3 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=0 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_ldap.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomed...

...500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 minlen=12 dcredit=1 ucredit=1 lcredit=1 ocredit=1 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so cached_login use_authtok password required pam_deny.so session optional pam_keyinit.so revoke s...

...*authentication*tokens*updated*successfully* /etc/pam.d/samba: auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so password required pam_cracklib.so minlen=20 ocredit=5 ucredit=3 dcredit=3 lcredit=1 password required pam_unix.so Now I have changed the part in smb.conf to be like this: passwd program = /usr/bin/ldappasswd -D cn=root,dc=neonatus,dc=net -x -w 'password_for_root_user' -S uid=%u,ou=People,dc=neonatus,dc=net passwd chat = *New*password*%n\n*new*password*%n\n...

...pam_permit.so > # cat /etc/pam.d/common-password|egrep -v '^#|^$' root at pdc:~# cat /etc/pam.d/common-password|egrep -v '^#|^$' password requisite pam_cracklib.so reject_username retry=3 minlen=18 difok=3 maxrepeat=2 minclass=4 lcredit=0 ucredit=2 dcredit=1 ocredit=1 password required pam_pwhistory.so use_authtok enforce_for_root remember=5 password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 password [success=1 user_unknown=ignore default=die...

.../pam_mkhomedir.so skel=/etc/skel/ umaks=0022 session optional /lib/security/pam_console.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow account required /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 retry=3 password required /lib/security/pam_unix.so use_authtok md5 shadow -------------- next part -------------- auth required pam_winbind.so account required pam_winbind.so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password require...

.../pam_mkhomedir.so skel=/etc/skel/ umaks=0022 session optional /lib/security/pam_console.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow account required /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 retry=3 password required /lib/security/pam_unix.so use_authtok md5 shadow -------------- next part -------------- auth required pam_winbind.so account required pam_winbind.so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password require...

...pam_tally.so magic_root account required pam_unix.so account sufficient pam_succeed_if.so uid < 100 quiet account sufficient pam_stack.so service=krb5-secdom account required pam_permit.so password requisite pam_cracklib.so retry=3 type=local minlen=7 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3 difignore=15 password sufficient pam_unix.so md5 shadow nullok use_authtok remember=24 password sufficient pam_stack.so service=krb5-secdom password required pam_deny.so session optional pam_keyinit.so revoke session requi...

...ord|egrep -v '^#|^$' > >> > >> root at pdc:~# cat /etc/pam.d/common-password|egrep -v '^#|^$' > >> password requisite pam_cracklib.so > >> reject_username retry=3 minlen=18 difok=3 maxrepeat=2 minclass=4 > >> lcredit=0 ucredit=2 dcredit=1 ocredit=1 > >> password required pam_pwhistory.so > >> use_authtok enforce_for_root remember=5 > >> password [success=2 default=ignore] pam_unix.so > >> obscure use_authtok try_first_pass sha512 >...

Migration was held in connection with the breakdown of the old server after setting up a new server stopped working to add windows pc to a domain root at pdc:/var/log/samba# cat /etc/samba/smb.conf [global] # Default options allow nt4 crypto = yes client ntlmv2 auth = no disable spoolss = yes dns proxy

...reports what > pam_cracklib.so returns for a given password; subject to variation > in the command line options and values provided? For example, > assuming a cli driver program called cli_driver_pgm: > > cli_driver_pgm pam_cracklib.so difok=8 minlen=14 dcredit=3 > ucredit=3 lcredit=3 ocredit=3 minclass=2 maxrepeat=3 maxsequence=3 > reject_username gecoscheck -- somepassword > > -> pam_cracklib calculated minlen value for somepassword > > > My Google-fu appears to have deserted me. > Googling for `"pam_cracklib" cli tool` got me a recomm...