search for: ocredit

...it=*''] size == 0", } augeas { "add_special_reqs" : context => "/files/etc/pam.d", changes => "set system-auth/*[module=''pam_cracklib.so'']/argument[last()+1] ocredit=-$special", onlyif => "match system-auth/*[argument=''ocredit=*''] size == 0", } } This will continuously append lcredit=-2, etc onto the end of the line, without checking the values that currently exist: ----------...

...uth required pam_deny.so account required pam_tally.so account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so minlen=8 lcredit=2 ucredit=2 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet...

.../security/$ISA/pam_succeed_if.so uid < 100 quiet >account required /lib/security/$ISA/pam_permit.so #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Changed to 15 character length password password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Remember the last 15 passwords password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 s...

...m that determines and reports what pam_cracklib.so returns for a given password; subject to variation in the command line options and values provided? For example, assuming a cli driver program called cli_driver_pgm: cli_driver_pgm pam_cracklib.so difok=8 minlen=14 dcredit=3 ucredit=3 lcredit=3 ocredit=3 minclass=2 maxrepeat=3 maxsequence=3 reject_username gecoscheck -- somepassword -> pam_cracklib calculated minlen value for somepassword My Google-fu appears to have deserted me. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at H...

Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial? Thanks in advance Regards Israel

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

...account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so password requisite pam_cracklib.so type= retry=3 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=0 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_ldap.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session opt...

...samba/smb.conf system-auth auth required pam_env.so auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so auth optional pam_smbpass.so migrate account required pam_unix.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so password required pam_smbpass.so nullok use_authok try_first_pass session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_per...

...account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 minlen=12 dcredit=1 ucredit=1 lcredit=1 ocredit=1 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so cached_login use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session...

...ew*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* /etc/pam.d/samba: auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so password required pam_cracklib.so minlen=20 ocredit=5 ucredit=3 dcredit=3 lcredit=1 password required pam_unix.so Now I have changed the part in smb.conf to be like this: passwd program = /usr/bin/ldappasswd -D cn=root,dc=neonatus,dc=net -x -w 'password_for_root_user' -S uid=%u,ou=People,dc=neonatus,dc=net passwd chat = *New*pa...

...nt pam_pgsql.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so account sufficient pam_pgsql.so account sufficient pam_unix.so account required pam_deny.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_pgsql.so password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so The problem is that if I try to authenticate using the user on PostgreSQL...

...cient pam_pgsql.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so account sufficient pam_pgsql.so account sufficient pam_unix.so account required pam_deny.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_pgsql.so use_first_pass password required pam_deny.so session required pam_limits.so session required pam_unix.so /etc/samba/smb.conf: workgroup = test netbios name = server...

...My /etc/pam.d/system-auth file: auth required pam_nologin.so auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth required pam_deny.so account required pam_unix.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_quota_xfs.so bsoftlimit=719688 bhardlimit=719688 session required pam_mkhomedir.so skel=/etc/skel.net umask=077 se...

...t.so > # cat /etc/pam.d/common-password|egrep -v '^#|^$' root at pdc:~# cat /etc/pam.d/common-password|egrep -v '^#|^$' password requisite pam_cracklib.so reject_username retry=3 minlen=18 difok=3 maxrepeat=2 minclass=4 lcredit=0 ucredit=2 dcredit=1 ocredit=1 password required pam_pwhistory.so use_authtok enforce_for_root remember=5 password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try...

...umaks=0022 session optional /lib/security/pam_console.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow account required /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 retry=3 password required /lib/security/pam_unix.so use_authtok md5 shadow -------------- next part -------------- auth required pam_winbind.so account required pam_winbind.so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password required pam_unix.so -------------- next...

...umaks=0022 session optional /lib/security/pam_console.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow account required /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 retry=3 password required /lib/security/pam_unix.so use_authtok md5 shadow -------------- next part -------------- auth required pam_winbind.so account required pam_winbind.so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password required pam_unix.so -------------- next...

I have been ready everything I can regarding this setup but am having a problem that I am unsure of. I am unable to authenticate any user despite the following commands working: %> getent passwd <username> %> wbinfo -u %> wbinfo -g With the getent passwd I am able to see all of my UID/GID being mapped via winbdind to the rid of the domain user account. This command fails: %>

We have a small Ubuntu 9.10 file server in a large Win 2003/2008 domain. There is no X nor web browser in the server. I have rights to join machines to the domain, but I'm not an Administrator There is about 10 users in this server, who want to authenticate with domain passwords when they mount their home directories to WindowsXP workstations. The ssh passwords should be local and separated

...ount required pam_unix.so account sufficient pam_succeed_if.so uid < 100 quiet account sufficient pam_stack.so service=krb5-secdom account required pam_permit.so password requisite pam_cracklib.so retry=3 type=local minlen=7 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3 difignore=15 password sufficient pam_unix.so md5 shadow nullok use_authtok remember=24 password sufficient pam_stack.so service=krb5-secdom password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session...

...gt; >> > >> root at pdc:~# cat /etc/pam.d/common-password|egrep -v '^#|^$' > >> password requisite pam_cracklib.so > >> reject_username retry=3 minlen=18 difok=3 maxrepeat=2 minclass=4 > >> lcredit=0 ucredit=2 dcredit=1 ocredit=1 > >> password required pam_pwhistory.so > >> use_authtok enforce_for_root remember=5 > >> password [success=2 default=ignore] pam_unix.so > >> obscure use_authtok try_first_pass sha512 > >> password [suc...