Password Configuration changes in SUSE server

Hi All,
We need your help in modifying the below parameters for password configuration on a SUSE Linux server, as per the SOX client requirement:
Password minimum length = 8
Min upper case chars = 1
Min lower case chars = 1
Min digit chars = 1
Min special chars = 1
Lifetime (the maximum period of time, in days, a user's password may be in effect before the user is forced to change it) = 90 days
History (the number of unique new passwords that must be associated with a user account before an old password can be reused) = 24
Minimum password age (the period, in days, that a password must be used before the user can change it) = 2 days
Account lockout duration (the amount of time a locked-out account remains locked out before automatically becoming unlocked) = 15
Account lockout threshold (the number of failed sign-in attempts that will cause a user account to be locked) = 6

Kindly help us to set the above parameters on our SUSE Linux server. Below is the SUSE Linux version:
Linux 4.12.14-197.37-default #1 SMP
cat /etc/SUSE-brand
SLE
VERSION = 15

Comments

  • malcolmlewis Knowledge Partner

    Hi
    You should be able to perform all these tasks via YaST, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-security-yast-security.html

  • Thanks for the information.
    Kindly let us know if there is any specific file that we can edit directly with syntax instead of the YaST command.
    In YaST there is no specific information in the link related to the below parameters:
    Min Upper case chars=1
    Min lower case char=1
    Min digit chars=1
    Min special Chars=1
    Lifetime
    Account Lockout duration
    Account Lockout threshold

  • malcolmlewis Knowledge Partner

    Hi
    The Lifetime can be set via Password Age (10.3), the rest are via pam configuration at https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-pam.html. I would suggest a peruse at the top level as well at https://documentation.suse.com/sles/15-SP1/html/SLES-all/book-security.html

  • Hi
    The current entries in the /etc/pam.d/common-password file are as below:
    password requisite pam_cracklib.so
    password optional pam_gnome_keyring.so use_authtok
    password required pam_unix.so use_authtok nullok shadow try_first_pass

    If I add the below entries, will it work, or may it impact the settings? Or do I need to remove any of the above entries and then make the below entries?
    password required pam_unix2.so nullok use_authtok md5
    password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 minlen=12

    Please let us know where I need to edit these parameters, as I need to change the below parameters as well:
    Lifetime(The maximum period of time, (in days) a user's password may be in effect before the user is forced to change it.) = 90 days
    History(The number of unique new passwords that must be associated with a user account before an old password can be reused) = 24
    Minimum password age(The period (in days) that a password must be used before the user can change it)= 2 days
    Account Lockout duration(The amount of time a locked-out account remains locked out before automatically becoming unlocked.)=15
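
A read-only check of the password stack in /etc/pam.d/common-password against the complexity and history values from the first post, as an added example that is not part of the original thread. The function names are illustrative, and mapping the History requirement to pam_pwhistory's remember= option is an assumption; the sample input is constructed from the two lines proposed in the post above.

```shell
#!/bin/sh
# Added example: audit the "password" PAM stack against the policy in the first post.

# stack_line MODULE_REGEX FILE -> first "password" line that loads the module
stack_line() {
    sed -n -E "/^[[:space:]]*password[[:space:]].*$1\\.so/{p;q;}" "$2"
}

# opt_value LINE KEY -> value of KEY=VALUE on a PAM line (empty if absent)
opt_value() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# audit_password_stack FILE -> one finding per line, nothing if compliant
audit_password_stack() {
    quality=$(stack_line 'pam_(cracklib|pwquality)' "$1")
    hist=$(stack_line 'pam_pwhistory' "$1")   # assumption: history via pam_pwhistory
    unixl=$(stack_line 'pam_unix2?' "$1" | tr '\t' ' ')

    minlen=$(opt_value "$quality" minlen)
    [ "${minlen:-0}" -ge 8 ] || echo "minlen: want >=8, got ${minlen:-unset}"
    # A negative credit means "at least that many characters of this class".
    for credit in ucredit lcredit dcredit ocredit; do
        v=$(opt_value "$quality" "$credit")
        case "$v" in
            -[1-9]*) ;;
            *) echo "$credit: want -1 or lower, got ${v:-unset}" ;;
        esac
    done
    remember=$(opt_value "$hist" remember)
    [ "${remember:-0}" -ge 24 ] || echo "remember: want >=24, got ${remember:-unset}"
    case " $unixl " in
        *" md5 "*) echo "hash: md5 set on the pam_unix line" ;;
    esac
}

# Constructed sample: the two lines proposed in the post above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
password required pam_unix2.so nullok use_authtok md5
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 minlen=12
EOF
audit_password_stack "$sample"
rm -f "$sample"
```

Run against the proposed lines, it reports the missing ocredit setting, the missing history setting and the md5 option; it only reads the file and changes nothing.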

  • malcolmlewis Knowledge Partner

    @Vadapalli those last ones can be done via YaST -> Security and Users -> Security Center: On the Password Settings section.

  • Hi Malcolmlewis,

    I am unable to see all the parameters specified above under Security and Users -> Security Center: On the Password Settings section. I cross-checked with the YaST command as well, and that is why I am coming back to you and asking for alternate options.
    Please let us know how to make entries in /etc/pam.d/common-password.
    If we change the password length to 12, do we need to change the password algorithm as well? If yes, please let us know how to make the changes.

  • Hi Malcolmlewis,

    Kindly update, as we are waiting for a response from you and we need to implement this on a production server on a priority basis.

  • malcolmlewis Knowledge Partner

    @Vadapalli just a comment, these are peer-to-peer user forums; like you, I'm just an end user helping out ;) If you want timely support, then I suggest you raise a Support Request for your issues. Likewise, I'm not sure why you would be rolling out into production an unsupported release of SLES (or do you have an LTSS license, then you have the ability to open a support request?).

    In YaST (SLES 15 SP2) I see;

    Lifetime - Password Age (Maximum)
    History - Number of Passwords to Remember
    Min password Age - password Age (Minimum)
    Each page has a HELP button with details of each option in YaST.

    Account Lockout duration - See https://www.suse.com/support/kb/doc/?id=000018071

    The password length and encryption method (algorithm) are there too in Password Settings.

  • Hi Malcolmlewis,
    Thanks for your support.
    Can you please let us know how to raise a Support request for this issue? We have a license.
    Please let us know how to raise a Support request.

  • malcolmlewis Knowledge Partner

    Hi
    @Vadapalli if you log in to the SUSE Customer Center, https://scc.suse.com/, it is under 'My Tools' -> Support :)
