Re: Password security/Weak Password lockout
Paul Gupta wrote:
> By what mechanism does debian decide whether or not a password is too
> weak etc.
> ...
> What is it exactly? AND How would one configure it to be stricter or
> more lenient with password selection?
I use libpam-cracklib to protect from dictionary attacks. I also installed some
dictionaries; see:

    apt-cache search dictionary | grep "/usr/share/dict"

/etc/pam.d/common-password:

    password required pam_cracklib.so retry=3 minlen=10 difok=3

3 retries, minimum password length of 10 characters, 3 characters are allowed
to match with the previous password.
Hope that gets you started. Maybe check this out, too.
http://www.linuxsecurity.com/resource_files/host_security/securing-debian-howto/ap-checklist.en.html
--
Juha Tuuna
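
An added example, not part of the original post: a shell check that reads the pam_cracklib options from a PAM file and reports how short a password can be and still pass the minlen test, since pam_cracklib(8) gives a length credit of 1 per character class by default. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Defaults used here are the ones
# documented in pam_cracklib(8): minlen=9, and 1 for each *credit option.

# cracklib_opt FILE NAME DEFAULT
# Print NAME's value from the pam_cracklib.so line in FILE, or DEFAULT if unset.
cracklib_opt() {
    awk -v name="$2" -v val="$3" '
        /^[[:space:]]*#/ { next }                 # skip commented-out lines
        /pam_cracklib\.so/ {
            for (i = 1; i <= NF; i++)
                if (index($i, name "=") == 1)
                    val = substr($i, length(name) + 2)
        }
        END { print val }' "$1"
}

# cracklib_min_accepted_len FILE
# A credit N > 0 lowers the required length by up to N when the password
# contains that character class. N <= 0 gives no reduction (a negative N
# instead requires at least |N| characters of that class).
cracklib_min_accepted_len() {
    floor=$(cracklib_opt "$1" minlen 9)
    for c in dcredit ucredit lcredit ocredit; do
        v=$(cracklib_opt "$1" "$c" 1)
        if [ "$v" -gt 0 ]; then
            floor=$((floor - v))
        fi
    done
    echo "$floor"
}

# Constructed sample files: the line as posted, and the same line with all
# credits disabled so that minlen is a true minimum length.
tmp=$(mktemp -d)
printf '%s\n' 'password required pam_cracklib.so retry=3 minlen=10 difok=3' \
    > "$tmp/as_posted"
printf '%s\n' 'password required pam_cracklib.so retry=3 minlen=10 difok=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0' \
    > "$tmp/no_credits"

for f in as_posted no_credits; do
    echo "$f: minlen test passes from $(cracklib_min_accepted_len "$tmp/$f") characters"
done
```

To audit a live system, call `cracklib_min_accepted_len /etc/pam.d/common-password`; cracklib's own dictionary and short-password checks still apply on top of the minlen test.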