* You can also apply following options to compute the ‘unsimplicity’ of the password. User will see error – BAD PASSWORD: is too similar to the old one * difok=6: How many characters can be the same in the new password relative to the old. And you are allowed only 2 times using retry option. This is the minimum simplicity count for a good password. * minlen=10 : minimum length allowed for an account password is set to 10 characters. * retry=2 : Prompt user at most 2 times before returning with error Password required pam_cracklib.so retry=2 minlen=10 difok=6 Password required /lib/security/pam_cracklib.so retry=2 minlen=10 difok=6įor Debian or Ubuntu Linux, First install libpam-cracklib PAM module to enable cracklib support. And make modification as follows.įor Redhat/Fedora/CentOS Linux, cracklib PAM module is installed by default so no need to install anything. Open password configuration file according to your Linux distribution. User is not allowed to set new password until and unless conditions satisfied (i.e. It will check the password against dictionary words. You can be configured to verify that passwords (read as weak password) cannot be guessed easily using Linux PAM module called pam_cracklib.so. How to check user passwords against a dictionary attack?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |