osama.mansoor
Linux Password Policy
« on: September 07, 2021, 06:22:13 am »
Hi Expert,

I am not very expert in Linux, so please advise me.

I have Oracle Linux 7.6 (Unbreakable) and wanted to configure a password policy according to my organization, therefore I have altered three files: 1. login.defs 2. pwquality.conf 3. system-auth.

In login.defs I have changed the values:

PASS_MAX_DAYS   = 3
PASS_MIN_DAYS    = 1
PASS_MIN_LEN        = 9
PASS_WARN_AGE    1

Pwquality

minlen = 9
minclass = 2
minrepeat = 2

System-auth

added line after Password sufficient  remember=3

Problem:
1. When I tried to create a user after applying the changes, from root I can set a password of 7 characters, also without a special character, so does that mean the policy is not working?

2. When I ran the command chage -l user1 (created before applying changes) it shows default values; however, when I ran the same command on user5, which I created after applying changes, it shows my applicable values.

Please correct me on what I did wrong in this configuration.




Brian000
Re: Linux Password Policy
« Reply #1 on: September 12, 2021, 08:40:11 am »
Hi,

I expect it to be the same/similar to RHEL/CentOS, but there seems to be a slightly different process for ROOT - check out Oracle Document 2320972.1

"The scope of this document is to configure password complexity for all the users, including root."
https://support.oracle.com/knowledge/Oracle%20Linux%20and%20Virtualization/2320972_1.html

FYI - the normal user process seems to be here:

"This document describes the PAM pam_cracklib credit system in relation to Linux PAM password complexity."
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=8017625212726&parent=DOCUMENT&sourceId=2320972.1&id=1614028.1&_afrWindowMode=0&_adf.ctrl-state=4qq4m0xf_102


You'll need to create a (free) account......





The Linux Community Forum

osama.mansoor
Re: Linux Password Policy
« Reply #2 on: September 15, 2021, 08:06:47 am »
Thanks for your response.

Actually, my query is to implement a complete password policy.

Password Policy is implemented but got an error when the user prompt for an error.

login as: user5
[email protected]'s password:
You are required to change your password immediately (password aged)
Last login: Wed Sep 15 11:12:36 2021 from lap-4.csaplho.pk

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user5.
Changing password for user5.
(current) UNIX password:
passwd: Authentication token manipulation error

Brian000
Re: Linux Password Policy
« Reply #3 on: September 17, 2021, 11:46:22 pm »
Hi,

Reading a few things, the error sounds like it is due to a config error - is anything reaching the logs?

This page suggests that there are setup differences between DEB and RPM systems (like OL) - so, it may be worth a double check.
https://ostechnix.com/how-to-set-password-policies-in-linux/

But.... if you can undo your changes, and reimplement each in turn, you may be able to identify the cause and also gain confidence in the changes you're making.

Let us know how you get on....
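
The last reply suspects a config error and suggests re-applying each change in turn. As an added example (not from any poster, and not Oracle's code), a small Python linter for the three files named in the thread: the login.defs and pwquality samples are constructed from the values as typed in the first post, the PAM stack is hypothetical, and all function names are illustrative.

```python
# Aging keys from login.defs(5); option names from pwquality.conf(5), older releases accept fewer.
AGING_KEYS = {"PASS_MAX_DAYS", "PASS_MIN_DAYS", "PASS_MIN_LEN", "PASS_WARN_AGE"}
PWQUALITY_KEYS = set(
    "difok minlen dcredit ucredit lcredit ocredit minclass maxrepeat maxclassrepeat "
    "maxsequence gecoscheck dictcheck usercheck usersubstr enforcing badwords dictpath "
    "retry enforce_for_root local_users_only".split())
# Constructed samples: values as typed in the first post, plus a hypothetical password stack.
LOGIN_DEFS = "PASS_MAX_DAYS   = 3\nPASS_MIN_DAYS    = 1\nPASS_MIN_LEN        = 9\nPASS_WARN_AGE    1\n"
PWQUALITY = "minlen = 9\nminclass = 2\nminrepeat = 2\n"
SYSTEM_AUTH = ("password requisite pam_pwquality.so try_first_pass local_users_only retry=3\n"
               "password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok\n"
               "password sufficient remember=3\n"
               "password required pam_deny.so\n")

def _lines(text):
    # Yield (line_number, content) with comments and blank lines dropped.
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            yield n, line

def lint_login_defs(text):
    """login.defs is 'NAME value' separated by whitespace; '=' is not part of the syntax."""
    out = []
    for n, line in _lines(text):
        key = (line.replace("=", " ").split() or [""])[0]
        value = line[len(key):].strip()
        if key in AGING_KEYS and not value.lstrip("-").isdigit():
            out.append((n, key, f"value {value!r} is not a plain integer"))
    return out

def lint_pwquality(text):
    """pwquality.conf is 'key = value'; report keys the library does not define."""
    return [(n, key, "not a pwquality.conf option")
            for n, line in _lines(text)
            if (key := line.partition("=")[0].strip()) not in PWQUALITY_KEYS]

def lint_pam_password(text):
    """Check the 'password' lines of a PAM stack such as system-auth."""
    out = []
    for n, line in _lines(text):
        fields = line.split()
        if fields[0].lstrip("-").lower() != "password":
            continue
        module = next((f for f in fields[2:] if f.endswith(".so")), None)
        if module is None:
            out.append((n, "password", "no module named on this line"))
        elif module.endswith("pam_pwquality.so") and "enforce_for_root" not in fields:
            out.append((n, module, "root is warned, not blocked, without enforce_for_root"))
    return out
```

To check a live system, pass the contents of /etc/login.defs, /etc/security/pwquality.conf and /etc/pam.d/system-auth to the three functions; accounts created before the change keep their old aging values until updated with chage.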

 

