Changeset c0c33269


Ignore:
Timestamp:
07/04/2007 05:46:38 PM (17 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
Children:
4d62032
Parents:
977f525
Message:

Set pam_cracklib to defaults and added security note.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6834 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • introduction/welcome/changelog.xml

    r977f525 rc0c33269  
    4848          <para>[randy] - Updated to libxlst-1.1.21.</para>
    4949        </listitem>
     50        <listitem>
     51          <para>[dj] - Modified Linux-PAM configuration to use cracklib
     52          defaults.</para>
     53        </listitem>
    5054      </itemizedlist>
    5155    </listitem>
  • postlfs/security/shadow.xml

    r977f525 rc0c33269  
    359359session     optional       pam_lastlog.so
    360360session     required       pam_unix.so
    361 password    required       pam_cracklib.so  retry=3 difok=8 minlen=5 \
    362                                             dcredit=3 ocredit=3 \
    363                                             ucredit=2 lcredit=2
     361password    required       pam_cracklib.so  retry=3
    364362password    required       pam_unix.so      md5 shadow use_authtok
    365363
     
    399397<literal># Begin /etc/pam.d/passwd
    400398
    401 password    required       pam_cracklib.so  retry=3 difok=8 minlen=5 \
    402                                             dcredit=3  ocredit=3 \
    403                                             ucredit=2  lcredit=2
     399password    required       pam_cracklib.so  type=Linux retry=1 \
     400                                            difok=5 diffignore=23 minlen=9 \
     401                                            dcredit=1 ucredit=1 lcredit=1 \
     402                                            ocredit=1 \
     403                                            dictpath=/lib/cracklib/pw_dict
    404404password    required       pam_unix.so      md5 shadow use_authtok
    405405
    406406# End /etc/pam.d/passwd</literal>
    407407EOF</userinput></screen>
     408
     409        <note><para>In its default configuration, owing to credits,
     410        pam_cracklib will allow multiple case passwords as short as 6
     411        characters, even with the <parameter>minlen</parameter> value
     412        set to 11.  You should review the pam_cracklib(8) man page and
     413        determine if these default values are acceptable for the security
     414        of your system.</para></note>
    408415
    409416      </sect4>
Note: See TracChangeset for help on using the changeset viewer.