Changeset 62066a54 for postlfs

Timestamp:

12/25/2018 01:15:21 AM (5 years ago)

Author:

DJ Lucas <dj@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

a5660ad

Parents:

e7594ad

Message:

Update pam_cracklib configuration with modern options and provide replacement configuration with pam_pwqaulity.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20872 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:

postlfs/security

Files:

• libpwquality.xml (modified) (1 diff)
• linux-pam.xml (modified) (1 diff)

postlfs/security/libpwquality.xml

@@ -114 +114 @@
   </sect2>
 
+  <sect2 role="configuration">
+    <title>Configuring Libpwquality</title>
+
+    <para>
+      <application>Libpwquality</application> is intended to be a
+      functional replacement for the <filename>pam_cracklib.so</filename>
+      module with additional options. To replace the
+      <filename>pam_cracklib.so</filename> module with the
+      <filename>pam_pwquality.so</filename> module, execute the following
+      commands as the <systemitem class="username">root</systemitem> user:
+    </para>
+
+<screen role="root"><userinput>mv /etc/pam.d/system-password{,.orig} &amp;&amp;
+cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
+<literal># Begin /etc/pam.d/system-password
+
+# check new passwords for strength (man pam_pwquality)
+password  required    pam_pwquality.so   authtok_type=UNIX retry=1 difok=1 \
+                                         minlen=8 dcredit=0 ucredit=0 \
+                                         lcredit=0 ocredit=0 minclass=1 \
+                                         maxrepeat=0 maxsequence=0 \
+                                         maxclassrepeat=0 geoscheck=0 \
+                                         dictcheck=1 usercheck=1 \
+                                         enforcing=1 badwords="" \
+                                         dictpath=/lib/cracklib/pw_dict
+# use sha512 hash for encryption, use shadow, and use the
+# authentication token (chosen password) set by pam_pwquality
+# above (or any previous modules)
+password  required    pam_unix.so        sha512 shadow use_authtok
+
+# End /etc/pam.d/system-password</literal>
+EOF
+</userinput></screen>
+
+  </sect2>
+    
   <sect2 role="content">
     <title>Contents</title>

postlfs/security/linux-pam.xml

@@ -318 +318 @@
 
 # check new passwords for strength (man pam_cracklib)
-password  required    pam_cracklib.so   type=Linux retry=3 difok=5 \
-                                        difignore=23 minlen=9 dcredit=1 \
-                                        ucredit=1 lcredit=1 ocredit=1 \
-                                        dictpath=/lib/cracklib/pw_dict
+password  required    pam_cracklib.so    authtok_type=UNIX retry=1 difok=5 \
+                                         minlen=9 dcredit=1 ucredit=1 \
+                                         lcredit=1 ocredit=1 minclass=0 \
+                                         maxrepeat=0 maxsequence0 \
+                                         maxclassrepeat=0 \
+                                         dictpath=/lib/cracklib/pw_dict
 # use sha512 hash for encryption, use shadow, and use the
 # authentication token (chosen password) set by pam_cracklib
 # above (or any previous modules)
-password  required    pam_unix.so       sha512 shadow use_authtok
+password  required    pam_unix.so        sha512 shadow use_authtok
 
 # End /etc/pam.d/system-password</literal>