securing debian, pam
Hi,
I've been hardening a box (woody installation upgraded to sarge) by
following along the Securing Debian howto.
I added the following two lines (which aren't exact copies of those in the
howto) to /etc/pam.d/common-password:
password required pam_cracklib.so retry=3 minlength=12 difok=3
password required pam_unix.so use_authtok md5 min=12 max=128
To test this I created a new user with a 7 character password. That was
accepted no problems, no complaints. The new user was able to login,
similarly with no complaints about the password being too short. Both
/etc/pam.d/login and /etc/pam.d/passwd reference /etc/pam.d/common-password
(@include common-passwd), so I would think they should have rejected this 7
character password. Any suggestions as to what I may have not set up
properly?
I think the following should be anecdotal, but it was peculiar so maybe it
means something. I had to install libpam-cracklib to do this. The Securing
Debian howto said I would also need to install a wordlist such as wbritish
for cracklib to work. Installing libpam-cracklib pulled in
cracklib-runtime, and cracklib2 but didn't require me to have a word list.
I figured that the howto was out of date on this issue.
However, when I first tried to create this new user, passwd crapped out
with the error "Critical error - immediate abort". A Google result
suggested installing wbritish and running /etc/cron.daily/cracklib. That
allowed me to create the new user. End of anecdote.
Thanks,
gc
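
An added example, not part of the original post: a Python check that compares the arguments on the two quoted common-password lines against the names each module documents. pam_cracklib logs an argument it does not recognise to syslog and carries on, so a misspelt name produces no error at the passwd prompt. The KNOWN_ARGS lists and the function names are assumptions made for this example, taken from the pam_cracklib and Debian pam_unix man pages.

```python
import difflib
import os

# Arguments each module accepts. Assumption: lists taken from the
# pam_cracklib and Debian pam_unix man pages; compare them with the man
# pages installed on your own release before relying on them.
KNOWN_ARGS = {
    "pam_cracklib.so": {"debug", "type", "retry", "difok", "minlen", "dcredit",
                        "ucredit", "lcredit", "ocredit", "use_authtok"},
    "pam_unix.so": {"debug", "audit", "nullok", "try_first_pass",
                    "use_first_pass", "use_authtok", "not_set_pass", "shadow",
                    "md5", "bigcrypt", "nis", "remember", "nodelay",
                    "likeauth", "obscure", "min", "max"},
}

def parse_line(line):
    """Return (module, [args]) for a PAM stack line, or None for other lines."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3 or fields[0].startswith("@"):
        return None                      # blank, comment or @include line
    idx = 1
    if fields[1].startswith("["):        # bracketed control: [success=1 ...]
        while idx < len(fields) and not fields[idx].endswith("]"):
            idx += 1
    if idx + 1 >= len(fields):
        return None
    return os.path.basename(fields[idx + 1]), fields[idx + 2:]

def lint(text):
    """List (line number, module, argument, closest known name or None)."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        parsed = parse_line(line)
        if parsed is None or parsed[0] not in KNOWN_ARGS:
            continue
        module, args = parsed
        for arg in args:
            name = arg.split("=", 1)[0]
            if name not in KNOWN_ARGS[module]:
                hint = difflib.get_close_matches(name, sorted(KNOWN_ARGS[module]), n=1)
                findings.append((number, module, name, hint[0] if hint else None))
    return findings

# The two lines quoted in the post above.
SAMPLE = """\
password required pam_cracklib.so retry=3 minlength=12 difok=3
password required pam_unix.so use_authtok md5 min=12 max=128
"""

if __name__ == "__main__":
    for number, module, name, hint in lint(SAMPLE):
        print(f"line {number}: {module} does not list '{name}' (closest: {hint})")
```
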