NIS password policy

Hi,

I am running an NIS server on Red Hat Linux 5 and I want to implement password restrictions for yppasswd. How can I do it? Please help me.

I can implement password restrictions for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so, but I don't know how to implement the same for NIS.

** If you have /lib/security/pam_pwdb.so,
append the lines below to your /etc/pwdb.conf on the client:

user:
    unix+shadow
    nis+unix+shadow
group:
    unix+shadow
    nis+unix+shadow

Change /etc/nsswitch.conf as below:

passwd:     files nis
shadow:     files nis
group:      files nis

Append the lines below to /etc/pam.d/passwd:

auth  required  /lib/security/pam_pwdb.so shadow  
account  required  /lib/security/pam_pwdb.so  
password  required  /lib/security/pam_cracklib.so retry=3  
password  required  /lib/security/pam_pwdb.so use_authtok md5 shadow  

** If you do not have pam_pwdb.so, then append the lines below to /etc/pam.d/passwd:

password required pam_unix.so obscure min=8 max=15 md5 nis
password required pam_cracklib.so retry=3 retry=3 minlen=12 dcredit=2 ucredit=2 lcredit=1 difok=3
password sufficient pam_unix.so obscure min=4 max=8 md5 nis use_authtok
password required pam_unix.so obscure min=4 max=8 md5 use_first_pass

** If you don't succeed with these methods, then you can try this module for NIS:
PAM NIS authorisation module

Good luck,
regards ygemici

Hi,

Thanks for the response. I tried both options but no luck. After editing the PAM files, do I need to start any services?
If I go for the third option, what do I need to do after installing?

Thanks,
trimurtulu

Normally you don't need a service restart; maybe you can restart the service or reboot, if it is idle.

For the third option, I think this module is only for the NIS service, to enable/disable users from a specific file or enable/disable specific NIS maps for users,
so probably you cannot use it for password policy.

For this you must use pam_cracklib.so.

Add these to the "system-auth" file:

password sufficient pam_unix.so obscure min=4 max=8 md5 shadow nis use_authtok
password required pam_unix.so obscure min=8 max=15 md5 nis
password required pam_cracklib.so retry=3 retry=3 minlen=12 dcredit=2 ucredit=2 lcredit=1 difok=3
password required pam_deny.so
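
How pam_cracklib reads the minlen and credit options on the pam_cracklib line posted above, as an added example that is not part of the original thread. It models only the documented length/credit test (no dictionary, difok or retry handling); the defaults in DEFAULTS are assumed from the Linux-PAM pam_cracklib man page, and the sample passwords are constructed.

```python
# Assumed stock pam_cracklib defaults (Linux-PAM man page); not stated in the thread.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}
CREDITS = ("dcredit", "ucredit", "lcredit", "ocredit")

# The pam_cracklib line as posted in the thread.
PAGE_LINE = ("password required pam_cracklib.so retry=3 retry=3 minlen=12 "
             "dcredit=2 ucredit=2 lcredit=1 difok=3")

def parse_cracklib_opts(line):
    """Extract minlen and credit options; fields are: type, control, module, options."""
    opts = dict(DEFAULTS)
    for tok in line.split()[3:]:
        key, _, val = tok.partition("=")
        if key in opts:
            opts[key] = int(val)
    return opts

def length_check(password, opts):
    """Model of the minlen/credit test. Returns (accepted, reason)."""
    counts = {
        "dcredit": sum(c.isdigit() for c in password),
        "ucredit": sum(c.isupper() for c in password),
        "lcredit": sum(c.islower() for c in password),
    }
    counts["ocredit"] = len(password) - sum(counts.values())
    needed = opts["minlen"]
    for key in CREDITS:
        credit, n = opts[key], counts[key]
        if credit >= 0:
            # N >= 0: up to N characters of this class each count as extra length.
            needed -= min(n, credit)
        elif n < -credit:
            # N < 0: at least |N| characters of this class are mandatory.
            return False, f"{key}: need at least {-credit}, got {n}"
    if len(password) < needed:
        return False, f"length {len(password)} < required {needed}"
    return True, f"length {len(password)} >= required {needed}"

def min_length_with_full_credit(opts):
    """Shortest length the minlen test accepts when every credit is earned."""
    return opts["minlen"] - sum(max(opts[k], 0) for k in CREDITS)

if __name__ == "__main__":
    opts = parse_cracklib_opts(PAGE_LINE)
    print("options:", opts)
    print("shortest length passing minlen:", min_length_with_full_credit(opts))
    for pw in ("AB12c!", "abcdefghij", "abcdefghijk"):  # constructed samples
        print(pw, length_check(pw, opts))
```

With positive credits, minlen is a score rather than a character count; a negative value such as dcredit=-1 makes that character class mandatory.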