2006/11/17

Linux password policies

Password expiration (when password is changed or account is created):

Edit /etc/login.defs.

The password policy parameters are: PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_MIN_LEN

Complexity:
From http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords and http://kbase.redhat.com/faq/FAQ_80_6045.shtm:

Create a backup, then list the contents of the tar file:

# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/*
# tar -tf backup.tar

Open /etc/pam.d/system-auth with an editor such as vi. Inside the file you will find the line:

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=

To require a password of at least 8 characters, including at least one lower-case, one upper-case, one numeric, and one other character, replace that line with:

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
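
To confirm the edits took effect, the following added example (not part of the original post) audits copies of the two files. The function names and the sample file contents, including the login.defs values, are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. File contents below are constructed samples.

# Print the value of a login.defs key; the last uncommented occurrence wins.
login_defs_value() {  # $1 = file, $2 = key
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Succeed only if the pam_cracklib password line sets minlen >= 8 and a
# negative credit (that character class is required) for all four classes.
cracklib_is_strict() {  # $1 = PAM file
    line=$(grep -E '^[[:space:]]*password[[:space:]].*pam_cracklib\.so' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    for opt in minlen lcredit ucredit dcredit ocredit; do
        val=$(printf '%s\n' "$line" | tr ' \t' '\n\n' | sed -n "s/^$opt=//p" | tail -n 1)
        if [ "$opt" = minlen ]; then
            [ "${val:-0}" -ge 8 ] 2>/dev/null || return 1
        else
            [ "${val:-0}" -le -1 ] 2>/dev/null || return 1
        fi
    done
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/login.defs" <<'EOF'
# constructed sample values
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_MIN_LEN    8
EOF
cat > "$tmp/before" <<'EOF'
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=
EOF
cat > "$tmp/after" <<'EOF'
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
EOF

for key in PASS_MAX_DAYS PASS_MIN_DAYS PASS_MIN_LEN; do
    echo "$key=$(login_defs_value "$tmp/login.defs" "$key")"
done
for f in before after; do
    if cracklib_is_strict "$tmp/$f"; then echo "$f: strict"; else echo "$f: weak"; fi
done
```

On a live system, call the two functions with /etc/login.defs and /etc/pam.d/system-auth instead of the sample copies.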
