Recipe 4.2 Enforcing Password Strength with PAM
4.2.1 Problem
You want your users to employ strong
passwords.
4.2.2 Solution
Use the PAM module pam_cracklib, which is built on
CrackLib
[Recipe 9.2], to test and enforce password
strength requirements automatically. In some Linux distributions, such
as Red
Hat 8.0, this feature is enabled by default.
passwd and other PAM-mediated programs will then
refuse a new password that is too short, too simple, too closely
related to the previous password, and so on.
You can adjust password strength and other variables by editing the
parameters to the pam_cracklib module in
/etc/pam.d/system-auth. For example, to change
the number of times a user may try again after
pam_cracklib rejects a proposed new password, adjust the retry
parameter, which Red Hat's system-auth sets to 3:
password required /lib/security/pam_cracklib.so retry=3
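To see how the other pam_cracklib parameters interact, the following added example (not code from the recipe, from PAM or from CrackLib) parses a pam_cracklib line of the form shown above and applies the documented rules to a candidate password: the minlen/credit arithmetic, the difok similarity test against the old password, and the palindrome, case-change and rotation checks. The dictionary test that CrackLib itself performs is not reproduced. The first sample line is the default from the recipe; the second, tightened line and its values are assumptions chosen for illustration, as are the compiled-in defaults listed at the top (difok in particular has changed across releases, so it is worth setting explicitly).

```python
"""Re-implementation, for illustration only, of pam_cracklib's documented
length/credit and similarity rules.  Not pam_cracklib or CrackLib itself;
the dictionary check is out of scope."""
from typing import Dict, Optional

# Assumed compiled-in defaults of the pam_cracklib of this era (difok was
# lowered in later releases; set it explicitly rather than rely on it).
DEFAULTS: Dict[str, int] = {
    "retry": 1, "minlen": 9, "difok": 10, "difignore": 23,
    "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1,
}

# Constructed sample lines: the first is the default quoted in the recipe,
# the second an assumed tightened policy (values chosen for illustration).
DEFAULT_LINE = "password required /lib/security/pam_cracklib.so retry=3"
STRICT_LINE = ("password required /lib/security/pam_cracklib.so "
               "retry=3 minlen=12 difok=4 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0")


def parse_cracklib_line(line: str) -> Dict[str, int]:
    """Return the effective numeric parameters for a pam_cracklib 'password' line."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "password" or not fields[2].endswith("pam_cracklib.so"):
        raise ValueError("not a pam_cracklib password line: %r" % line)
    params = dict(DEFAULTS)
    for token in fields[3:]:
        key, sep, value = token.partition("=")
        if sep and key in params:        # non-numeric options such as type= are skipped
            params[key] = int(value)
    return params


def _too_simple(new: str, p: Dict[str, int]) -> bool:
    """minlen test: length plus per-class credits; a negative credit is a hard minimum."""
    counts = {
        "dcredit": sum(c.isdigit() for c in new),
        "ucredit": sum(c.isupper() for c in new),
        "lcredit": sum(c.islower() for c in new),
        "ocredit": sum(not c.isalnum() for c in new),
    }
    score = len(new)
    for key, count in counts.items():
        credit = p[key]
        if credit >= 0:
            score += min(count, credit)  # positive credit: bonus length, capped at credit
        elif count < -credit:
            return True                  # negative credit: at least -credit of that class required
    return score < p["minlen"]


def _too_similar(new: str, old: str, p: Dict[str, int]) -> bool:
    """difok test: at least difok characters of the old password must be gone."""
    kept = sum(1 for c in old if c in new)
    if len(old) - kept >= p["difok"] or len(new) >= p["difignore"]:
        return False                     # enough change, or long enough to skip the test
    return True


def check_password(new: str, old: Optional[str], p: Dict[str, int]) -> Optional[str]:
    """Return the first pam_cracklib-style complaint, or None if the password is accepted."""
    if old is not None and new == old:
        return "is the same as the old one"
    if new == new[::-1]:
        return "is a palindrome"
    if old is not None:
        if new.lower() == old.lower():
            return "case changes only"
        if _too_similar(new, old, p):
            return "is too similar to the old one"
        if len(new) == len(old) and new in old + old:
            return "is rotated"
    if _too_simple(new, p):
        return "is too simple"
    return None


if __name__ == "__main__":
    for line in (DEFAULT_LINE, STRICT_LINE):
        params = parse_cracklib_line(line)
        for candidate in ("abc", "trustno1", "Gr4nite!Shelf"):
            verdict = check_password(candidate, "summer2003", params) or "accepted"
            print("minlen=%d difok=%d  %-14s %s" % (params["minlen"], params["difok"], candidate, verdict))
```

Note that the line's place in the stack matters as much as its parameters: the pam_unix line that follows it must carry use_authtok so that the password actually stored is the one pam_cracklib just vetted; without it, pam_unix prompts on its own and the strength check is bypassed.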
4.2.3 Discussion
PAM allows recursion via the
pam_stack
module; that is, one PAM module can invoke another. If you
examine the contents of /etc/pam.d, you will
find quite a number of service files that recursively depend on
system-auth, for example. This lets you define a
single, systemwide authentication policy that propagates to other
services.
Red Hat 8.0 has a sysadmin utility,
authconfig,
with a simple GUI for setting
system authentication methods and policies:
how authentication is performed (local passwords, Kerberos, LDAP),
whether caching is done, etc. authconfig does its
work by writing /etc/pam.d/system-auth.
Unfortunately, it does not preserve any customizations you might make
to this file. So, if you make custom edits as described above, beware of
running authconfig; it will erase them!
4.2.4 See Also
pam(8), authconfig(8), pam_stack(8). See
/usr/share/doc/pam-*/txts/README.pam_cracklib
for a list of parameters to tweak.