Gentoo Archives: gentoo-security

From: Peter Volkov Alexandrovich <pvolkov@××××××××.su>
To: gentoo-security@l.g.o
Subject: [gentoo-security] pam cracklib. Why credits are not working.
Date: Sun, 28 Nov 2004 15:27:22
Message-Id: 200411281829.56832.pvolkov@mics.msu.su
Hello.

I'm trying to exploit cracklib to force users to use better passwords. But
dcredit=N, ucredit=N, lcredit=N, ocredit=N are not taken into account on my
system when a user tries to passwd. Below are the pam configuration files:

cat /etc/pam.d/passwd
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth

So everything is stacked on system-auth. Now what I have in system-auth:
cat /etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 diffok=3
minlen=8 dccredit=2 upcredit=2 lcredit=2 ocredit=1 type=XXX
password sufficient /lib/security/pam_unix.so nullok md5 shadow
use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

So you see I want the password to be more than 8 characters long and to have
2 digits, 2 upper, 2 lower case and 1 other characters. Now as an ordinary
user I try to use passwd with the password "qwertyuiop" and this works! Can
anybody enlighten me why I can use a password without digits?

Thank you for your attention,
--

______________________________________

Volkov Peter, <pvolkov@××××××××.su>
General Physics Institute,
Russian Academy of Sciences.
______________________________________

NO ePATENTS, eSIGN now on:
http://petition.eurolinux.org
and maybe this helps...

Linux 2.4.26-gentoo-r9 i686
Mobile Intel(R) Celeron(R) CPU 1.60GHz

--
gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] pam cracklib. Why credits are not working. Henning Rohde <Rohde.Henning@×××.net>
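
Added example, not part of the original message or of Linux-PAM: a Python check for a pam_cracklib line like the one posted above, based on the option names and credit semantics in pam_cracklib(8) (N >= 0 is a credit toward minlen, N < 0 a required minimum). The function names, the KNOWN subset of options and the SAMPLE line are assumptions constructed for illustration.

```python
import re

# Subset of option names from pam_cracklib(8); extend it for your PAM version.
KNOWN = {"debug", "type", "retry", "difok", "minlen", "use_authtok",
         "dcredit", "ucredit", "lcredit", "ocredit"}
CLASSES = {"dcredit": str.isdigit, "ucredit": str.isupper,
           "lcredit": str.islower,
           "ocredit": lambda c: not (c.isdigit() or c.isupper() or c.islower())}

def cracklib_args(pam_text):
    """Return the argument list of every pam_cracklib.so line (hypothetical helper)."""
    joined = pam_text.replace("\\\n", " ")  # backslash-newline continues a line
    found = []
    for line in joined.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for i, field in enumerate(fields):
            if field.endswith("pam_cracklib.so"):
                found.append(fields[i + 1:])
    return found

def lint(args):
    """Flag unrecognised option names and credits that are not minimums."""
    findings = []
    for arg in args:
        name, _, value = arg.partition("=")
        if name not in KNOWN:
            findings.append(f"{arg}: unrecognised option name")
        elif name in CLASSES and re.fullmatch(r"\d+", value):
            findings.append(f"{arg}: N >= 0 is a credit toward minlen; "
                            "a negative N sets a required minimum")
    return findings

def length_ok(password, minlen, credits):
    """Length rule as documented: credits >= 0 lower the required length,
    negative ones require at least -N characters of that class."""
    required = minlen
    for name, n in credits.items():
        count = sum(1 for c in password if CLASSES[name](c))
        if n >= 0:
            required -= min(count, n)
        elif count < -n:
            return False
    return len(password) >= required

# Constructed sample modelled on the system-auth line quoted in the post.
SAMPLE = ("password required /lib/security/pam_cracklib.so retry=3 diffok=3 \\\n"
          "    minlen=8 dccredit=2 upcredit=2 lcredit=2 ocredit=1 type=XXX\n")

if __name__ == "__main__":
    for finding in lint(cracklib_args(SAMPLE)[0]):
        print(finding)
```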