Cracklib and PAM
bdubbs at swbell.net
Thu Mar 23 17:32:55 PST 2006
Dan Nicholson wrote:
> On 3/23/06, Randy McMurchy <randy at linuxfromscratch.org> wrote:
>> Dan Nicholson wrote these words on 03/23/06 14:26 CST:
>>> Because I don't always want my password to be checked that thoroughly.
>> Thanks, Dan. And not to belabor the point, but instead to provide
>> information that you may not be aware of considering the remark
>> above, even with CrackLib installed, you still don't *have* to
>> have a strong password. With CrackLib you could still have "Dan"
>> as your password (just an example, not saying that's what you
>> would use) if you wanted.
> Part of the problem that I haven't mentioned so far is that I don't
> know how to configure cracklib well. So, what ends up happening is
> that I have a hard time setting passwords that cracklib deems worthy.
> But that's more of a usage problem. I still like using PAM to control
> how different programs authenticate users. I don't always like having
> a strict password checker, though.
LOL. You fix it by adjusting the /etc/pam.d/passwd file.
password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok
password required /lib/security/$ISA/pam_deny.so
to see how configure pam_cracklib.so differently.
P.S. $ISA is generally null.
More information about the blfs-book