search for: ucredit

I''m trying to change the password complexity requirements in pam.d/system-auth using augeas. I can append the values (lcredit=-1, ucredit=-1, etc) onto the correct place, but if another value is already present (i.e. lcredit=-2), the onlyif match statement doesn''t seem to support checking regular expressions inside of strings. How do I check that any numeric value exists in the argument?? define passwordcomplexity($...

...id >= 500 quiet auth required pam_deny.so account required pam_tally.so account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so minlen=8 lcredit=2 ucredit=2 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so se...

...gt;account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet >account required /lib/security/$ISA/pam_permit.so #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 #password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Changed to 15 character length password password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=15 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 # Remember the last 15 passwords password sufficient /lib/security/$ISA/pam...

...command line program that determines and reports what pam_cracklib.so returns for a given password; subject to variation in the command line options and values provided? For example, assuming a cli driver program called cli_driver_pgm: cli_driver_pgm pam_cracklib.so difok=8 minlen=14 dcredit=3 ucredit=3 lcredit=3 ocredit=3 minclass=2 maxrepeat=3 maxsequence=3 reject_username gecoscheck -- somepassword -> pam_cracklib calculated minlen value for somepassword My Google-fu appears to have deserted me. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne...

Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial? Thanks in advance Regards Israel

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

...sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so password requisite pam_cracklib.so type= retry=3 difok=3 minlen=8 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=0 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_ldap.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional...

...lib/security/pam_unix.so likeauth nullok use_first_pass auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required /lib/security/pam_limits.so session required...

...uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 minlen=12 dcredit=1 ucredit=1 lcredit=1 ocredit=1 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so cached_login use_authtok password required pam_deny.so session optional pam_keyinit.s...

.../lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so

...ecurity/pam_unix.so likeauth nullok use_first_pass auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required /lib/security/pam_limits.so session required...

...d* %n\n *passwd:*all*authentication*tokens*updated*successfully* /etc/pam.d/samba: auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so password required pam_cracklib.so minlen=20 ocredit=5 ucredit=3 dcredit=3 lcredit=1 password required pam_unix.so Now I have changed the part in smb.conf to be like this: passwd program = /usr/bin/ldappasswd -D cn=root,dc=neonatus,dc=net -x -w 'password_for_root_user' -S uid=%u,ou=People,dc=neonatus,dc=net passwd chat = *New*password*%n\...

Hello all, I've installed samba-3.0.1 on a linux machine that has a role of domainmember in an NT domain. What I would like is that there would be nothing to do on the linux machine when adding a user in teh NT domain. For that I have started and configured winbind that works fine. But I want to create a share for each user on the NT domain. I have in my smb.conf a [homes] share, but when a

...pam_permit.so > # cat /etc/pam.d/common-password|egrep -v '^#|^$' root at pdc:~# cat /etc/pam.d/common-password|egrep -v '^#|^$' password requisite pam_cracklib.so reject_username retry=3 minlen=18 difok=3 maxrepeat=2 minclass=4 lcredit=0 ucredit=2 dcredit=1 ocredit=1 password required pam_pwhistory.so use_authtok enforce_for_root remember=5 password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 password [success=1 user_unknown=ignore default=die] pam_ldap...

...dir.so skel=/etc/skel/ umaks=0022 session optional /lib/security/pam_console.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow account required /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 retry=3 password required /lib/security/pam_unix.so use_authtok md5 shadow -------------- next part -------------- auth required pam_winbind.so account required pam_winbind.so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password required pam_unix....

...dir.so skel=/etc/skel/ umaks=0022 session optional /lib/security/pam_console.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow account required /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 retry=3 password required /lib/security/pam_unix.so use_authtok md5 shadow -------------- next part -------------- auth required pam_winbind.so account required pam_winbind.so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password required pam_unix....

Hi, We are planning to move all of our win2k server (currenty around 50!) alongwith AD to Linux, we are planning to use LDAP based samba domain controllers for authentication and file/print serving. We are doing a pilot and things are fine till now, just one simple problem, what should we do with our password policy, we have three restrictions relating passwords minimum password length password

...ally.so magic_root account required pam_unix.so account sufficient pam_succeed_if.so uid < 100 quiet account sufficient pam_stack.so service=krb5-secdom account required pam_permit.so password requisite pam_cracklib.so retry=3 type=local minlen=7 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3 difignore=15 password sufficient pam_unix.so md5 shadow nullok use_authtok remember=24 password sufficient pam_stack.so service=krb5-secdom password required pam_deny.so session optional pam_keyinit.so revoke session required pa...

...-v '^#|^$' > >> > >> root at pdc:~# cat /etc/pam.d/common-password|egrep -v '^#|^$' > >> password requisite pam_cracklib.so > >> reject_username retry=3 minlen=18 difok=3 maxrepeat=2 minclass=4 > >> lcredit=0 ucredit=2 dcredit=1 ocredit=1 > >> password required pam_pwhistory.so > >> use_authtok enforce_for_root remember=5 > >> password [success=2 default=ignore] pam_unix.so > >> obscure use_authtok try_first_pass sha512 > >>...

...ient /lib/security/pam_ldap.so likeauth use_first_pass auth required /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient /lib/security/pam_ldap.so password required /lib/security/pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/pam_ldap.so use_authtok password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session re...