Hello.

I'm trying to exploit cracklib to force users to use better passwords. But
dcredit=N, ucredit=N, lcredit=N, ocredit=N are not taken into account on my
system when a user tries to passwd. Below are the PAM configuration files:

cat /etc/pam.d/passwd
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth

So everything is stacked on system-auth. Now what I have in system-auth:
cat /etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 diffok=3
minlen=8 dccredit=2 upcredit=2 lcredit=2 ocredit=1 type=XXX
password sufficient /lib/security/pam_unix.so nullok md5 shadow
use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

So you see I want the password to be more than 8 characters long and to have
2 digits, 2 upper, 2 lower case and 1 other character. Now as an ordinary user
I try to use passwd with the password "qwertyuiop" and this works! Can anybody
enlighten me why I can use a password without digits?

Thank you for your attention,
--

______________________________________

Volkov Peter, <pvolkov@××××××××.su>
General Physics Institute,
Russian Academy of Sciences.
______________________________________

NO ePATENTS, eSIGN now on:
http://petition.eurolinux.org
and maybe this helps...

Linux 2.4.26-gentoo-r9 i686
Mobile Intel(R) Celeron(R) CPU 1.60GHz

--
gentoo-security@g.o mailing list
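
Added example, not part of the original post: a small linter for the pam_cracklib line quoted in the message above. It assumes the option names and credit semantics of the pam_cracklib(8) man page (a non-negative credit is a bonus toward minlen, a negative value is a required minimum count) and that the two wrapped lines in the post form one logical line; `lint_cracklib`, `KNOWN`, `CREDITS`, `POSTED` and `NEGATIVE` are names chosen here.

```python
import re

# Option names from the pam_cracklib(8) man page. Assumption: the installed
# module matches that page; very old builds accept fewer options.
KNOWN = {"debug", "type", "authtok_type", "retry", "difok", "difignore",
         "minlen", "dcredit", "ucredit", "lcredit", "ocredit", "minclass",
         "maxrepeat", "maxsequence", "maxclassrepeat", "reject_username",
         "gecoscheck", "enforce_for_root", "use_authtok", "dictpath"}
CREDITS = {"dcredit", "ucredit", "lcredit", "ocredit"}

# Constructed input: the pam_cracklib line from the post, joined onto one line.
POSTED = ("password required /lib/security/pam_cracklib.so retry=3 diffok=3 "
          "minlen=8 dccredit=2 upcredit=2 lcredit=2 ocredit=1 type=XXX\n")
# Constructed input: same intent written with documented names and negative
# values, which the man page defines as required minimum counts.
NEGATIVE = ("password required /lib/security/pam_cracklib.so retry=3 difok=3 "
            "minlen=8 dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-1\n")

def lint_cracklib(pam_text):
    """Return (argument, finding) pairs for every pam_cracklib.so line."""
    findings = []
    text = pam_text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        idx = next((i for i, f in enumerate(fields)
                    if f.endswith("pam_cracklib.so")), None)
        if idx is None:
            continue
        for arg in fields[idx + 1:]:
            name, _, value = arg.partition("=")
            if name not in KNOWN:
                findings.append((arg, "unknown option name"))
            elif name in CREDITS and re.fullmatch(r"\d+", value):
                # N >= 0 is a bonus toward minlen, not a required count.
                findings.append((arg, "length credit, not a minimum"))
    return findings

if __name__ == "__main__":
    for arg, why in lint_cracklib(POSTED):
        print(f"{arg}: {why}")
```

With positive credits each qualifying character only counts extra toward minlen, so an all-lowercase password of sufficient length can still pass.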