The default minimum password length is usually 8 characters. To improve security, longer passwords can be enforced. Pluggable Authentication Modules (PAM) is used for login authentication. We will change the options passed to the pam_cracklib module to enforce a longer minimum length.
Important: Make sure to make a backup of your /lib/security directory and your /etc/pam.d/system-auth before making any changes. Making changes to PAM can cause a system to become inaccessible.
Create the backup, then list the contents of the tar file:
# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/*
# tar -tf backup.tar
Open the /etc/pam.d/system-auth file with an editor such as vi. Inside the file you will find the line:
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=
Replace the line with:
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10
Notes:
- Make the changes carefully. If a change is made and the system becomes inaccessible, go into rescue mode and replace the files with the backup files previously created.
- Once the proper changes have been made to the system-auth file and everything is working as desired, a backup of the new system-auth should be made. If the authconfig command is used, it will overwrite the system-auth file.
- If a single digit number is used in the password, an extra character must be used in the password.
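Because authconfig can silently overwrite system-auth, it helps to re-check the setting after any change. The script below is an added example, not part of the original procedure: the function names cracklib_minlen and check_minlen are hypothetical, and the two sample files are constructed from the "before" and "after" lines shown above. On a real system, pass /etc/pam.d/system-auth as the file argument.

```shell
#!/bin/sh
# Added example: audit the pam_cracklib minlen setting in a PAM config file.

# Print the minlen value from the first active "password" line that loads
# pam_cracklib.so: a number, "unset" (line has no minlen), or "missing".
cracklib_minlen() {
    awk '
        /^[ \t]*#/ { next }    # ignore commented-out lines
        $1 == "password" && /pam_cracklib\.so/ {
            val = "unset"
            for (i = 3; i <= NF; i++)
                if ($i ~ /^minlen=[0-9]+$/) { v = $i; sub(/^minlen=/, "", v); val = v }
            print val; found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Return 0 only if minlen is set and is at least the required length ($2).
check_minlen() {
    cur=$(cracklib_minlen "$1")
    case "$cur" in
        unset|missing) echo "FAIL: minlen $cur in $1"; return 1 ;;
    esac
    if [ "$cur" -ge "$2" ]; then
        echo "OK: minlen=$cur in $1"
    else
        echo "FAIL: minlen=$cur is below $2 in $1"; return 1
    fi
}

# Constructed sample files holding the "before" and "after" lines from above.
tmp=$(mktemp -d)
printf '%s\n' 'password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=' > "$tmp/before"
printf '%s\n' 'password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10' > "$tmp/after"
check_minlen "$tmp/before" 10 || true   # original line: fails, minlen is not set
check_minlen "$tmp/after" 10            # edited line: passes
rm -rf "$tmp"
```

The non-zero exit status of check_minlen makes it usable from cron or a configuration-management run to flag a system-auth file that has been regenerated without the minlen option.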