Linux PAM:passwd: how many character validate

amitpansuria · October 20, 2008, 6:31am

Helo I m using PAM module on linux system

I have one strange problem.
I have create user and assigned group using my own function.

I m giving more than 8 character password.
Now when I enter upto 8 character then also it will accept.
In short It validate only first 8 character. can U tell me how do I change this setting.

My /etc/pam.d/passwd entry are given bewlo:

#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

/etc/pam.d/system-auth file contains following:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

what to to

Amit

jim_mcnamara · October 20, 2008, 10:17am

Change the pam_cracklib.so line to have a large value for "minlen" This means all passwords will have to be this minimum length, which should be a caution for you.

see:
pam_cracklib(8) - Linux man page

amitpansuria · October 20, 2008, 11:27am

Helo Jim thx for replying me.

I m new in PAM stuff. I read man page but still confused.
can You tell me how do I change that line pam_cracklib.so so that I have a large value of minlen?

Regards,
Amit

jim_mcnamara · October 20, 2008, 11:32am

from the link I just gave you.... note the red text

amitpansuria · October 20, 2008, 12:30pm

Helo Jim thx again for replying me quickly.

I have one more dought again

My problem is that suppose create a user and give a 12 character password . It will accept this password.

But when I logg off and again login and now I give first 8 character then only It will accept password. So it menas it validates only first 8 character.

One more my /etc/pam.d/passwd file contains following

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=12
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

Now tell me where do i make change in passwd (/etc/pam.d/passwd)
or system-auth (/etc/pam.d/system-auth )

Once again thx for your support.

Regards,
Amit

#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

there is no entry like cracklib

any way my /etc/pam.d/system-auth file contains following