Cracklib and PAM

Bruce Dubbs bdubbs at swbell.net
Thu Mar 23 17:32:55 PST 2006


Dan Nicholson wrote:
> On 3/23/06, Randy McMurchy <randy at linuxfromscratch.org> wrote:
>> Dan Nicholson wrote these words on 03/23/06 14:26 CST:
>>
>>> Because I don't always want my password to be checked that thoroughly.
>> Thanks, Dan. And not to belabor the point, but instead to provide
>> information that you may not be aware of considering the remark
>> above, even with CrackLib installed, you still don't *have* to
>> have a strong password. With CrackLib you could still have "Dan"
>> as your password (just an example, not saying that's what you
>> would use) if you wanted.
> 
> Part of the problem that I haven't mentioned so far is that I don't
> know how to configure cracklib well.  So, what ends up happening is
> that I have a hard time setting passwords that cracklib deems worthy. 
> But that's more of a usage problem.  I still like using PAM to control
> how different programs authenticate users.  I don't always like having
> a strict password checker, though.

LOL.  You fix it by adjusting the /etc/pam.d/passwd file.

RH uses:

password    required      /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5
password    required      /lib/security/$ISA/pam_deny.so

See
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.3

to see how configure pam_cracklib.so differently.

  -- Bruce

P.S.  $ISA is generally null.



More information about the blfs-book mailing list