# # pam_cracklib.so
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

2005/03/22 pam_cracklib.so

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© March 2005 Tony Lawrence

A PAM module for checking password strength. It's often installed by default; for example on a RedHat box here /etc/pam.d/system-auth has


password    required      /lib/security/$ISA/pam_cracklib.so
retry=3 type=
 

The retry parameter sets how many chances you get to supply an acceptable password, and setting type to blank prevents it from being annoyingly repetitive with the word UNIX. Without that set to blank, you'd get:


(current) UNIX password: 
New UNIX password: 
 

instead of

(current) UNIX password: 
New password: 
 

You could also set it to another string:

(current) UNIX password: 
New (make_it_hard!)) password: 
 

though I doubt that would help much. If you do want users to choose harder passwords, there are other arguments that will force that. One of the most obvious is password length, which gets complicated by "credits" for using digits, mixing upper and lower case, and using "other" characters like punctuation.

If you add "debug" to the arguments, password changes (and failures to change) will be logged to /var/log/messages:

Mar 19 09:13:22 redhat passwd(pam_unix)[24907]: authentication failure; logname=johnm uid=502 euid=0 tty= ruser= rhost=  user=johnm
Mar 19 09:14:31 redhat PAM-Cracklib[24908]: new passwd fails strength check: is too similar to the old one
Mar 19 09:15:02 redhat passwd(pam_unix)[24908]: password changed for johnm
Mar 19 09:15:19 redhat PAM-Cracklib[24911]: new passwd fails strength check: is rotated
Mar 19 09:15:51 redhat PAM-Cracklib[24911]: Password mistyped
Mar 19 09:22:23 redhat passwd(pam_unix)[24946]: password changed for johnm
 

Documentation for this and other modules is often not in man pages, but you'll probably find it in /usr/share/doc/pam-0.75/txts/ and it's online at http://www.kernel.org/pub/linux/libs/pam/, and you also should have html docs in /usr/share/doc/pam-0.75/html

.

If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> pam_cracklib.so


Inexpensive and informative Apple related e-books:

iOS 10: A Take Control Crash Course

Digital Sharing Crash Course

Take Control of iCloud

Take Control of iCloud, Fifth Edition

Take Control of OS X Server





More Articles by © Tony Lawrence





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better. ((Edsger W. Dijkstra)




Linux posts

Troubleshooting posts


This post tagged:

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode