PAM and Password complexity



jombiejp
17-Sep-2015, 01:03
Hi,
I'm using SLES 10 and have a need to prevent users from using their username in their password.
Currently, my /etc/pam.d/common-password shows:
password required pam_pwcheck.so
password required pam_cracklib.so use_authtok difok=4 retry=3 minlen=12 lcredit=-2 ucredit=-2 dcredit=-2 ocredit=-2
password required pam_pwcheck.so remember=24 use_authtok use_first_pass
password required pam_unix2.so use_authtok use_first_pass

I know Redhat's pam_cracklib supports reject_username, but it doesn't seem to work with SLES10.

Does anyone have any idea how I can accomplish this?

Thanks in advance.

maikcat
17-Sep-2015, 06:21
SLES11 pam_cracklib does support the reject_username parameter, as I use it...

Unfortunately I don't have any SLES10 systems...

Michael.

maikcat
17-Sep-2015, 06:23
SLES11 pam_cracklib module does support the reject_username param

Unfortunately I don't have any SLES10 systems to check it...

Michael.

jmozdzen
17-Sep-2015, 15:50
Hi jombiejp,

[QUOTE=jombiejp;29638]Hi,
I'm using SLES 10 and have a need to prevent users from using their username in their password.
[...]
I know Redhat's pam_cracklib supports reject_username, but it doesn't seem to work with SLES10.[/QUOTE]

SLES10 is pretty old ;) The first SLES version I remember to ship pam_cracklib with support for that parameter was SLES11SP3 - maybe SLES11SP2 had it, SP1 didn't.

[QUOTE=jombiejp;29638]Does anyone have any idea how I can accomplish this?[/QUOTE]

Not quite the same, I know, but how about periodically updating a pam_cracklib dictionary with all the current user names in it?

Regards,
Jens
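
The dictionary idea from the reply above, as an added example that is not part of the original thread: a cron-able shell script that merges account names into a word list and repacks the cracklib dictionary only when that list changes. The cracklib-packer tool name, the paths under /var/lib/pam-userdict and /usr/share/dict/words as the base list are assumptions to adapt to the installed cracklib.

```shell
#!/bin/sh
# Added example, not from the thread: keep a cracklib word list in sync with
# account names so pam_cracklib rejects passwords built on a username.

# Print lowercased login names from a passwd-format file ($1), skipping
# empty names, comments and NIS compat entries ("+" / "-").
list_usernames() {
    awk -F: '$1 != "" && $1 !~ /^[+#-]/ { print tolower($1) }' "$1"
}

# Merge base word list ($2) with the usernames found in $1 and write to $3.
# Returns 0 if $3 was created or changed (repack needed), 1 if unchanged.
refresh_wordlist() {
    tmp=$(mktemp "$3.XXXXXX") || return 2
    { tr '[:upper:]' '[:lower:]' < "$2"; list_usernames "$1"; } |
        sed '/^$/d' | LC_ALL=C sort -u > "$tmp"   # packer needs C-locale order
    if [ -f "$3" ] && cmp -s "$tmp" "$3"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$3"
}

# Pack word list ($1) into cracklib index files at prefix $2 (.pwd/.pwi/.hwm).
# Assumption: the packer is called cracklib-packer (cracklib 2.8 and later);
# older releases may ship it under another name.
pack_dictionary() {
    cracklib-packer "$2.new" < "$1" || return 1
    for ext in pwd pwi hwm; do
        mv "$2.new.$ext" "$2.$ext" || return 1
    done
}

# Cron entry point: sh update-userdict.sh --install
if [ "${1:-}" = "--install" ]; then
    BASE=/usr/share/dict/words            # assumed base word list
    WORDS=/var/lib/pam-userdict/words     # hypothetical path
    DICT=/var/lib/pam-userdict/userdict   # hypothetical dictionary prefix
    if refresh_wordlist /etc/passwd "$BASE" "$WORDS"; then
        pack_dictionary "$WORDS" "$DICT"
    fi
fi
```

cracklib compares a password with dictionary words after applying its mangling rules, so this catches passwords built on a username (case changes, appended digits and similar), not every password that merely contains one. Pointing pam_cracklib at the result would use its dictpath= option, provided the installed module accepts it.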

jombiejp
17-Sep-2015, 22:16
Yeah. SLES10 is rather old, but it's what we have :)
Thanks for the idea jmozdzen