[ug-bosug] Forcing root user to follow the passwd construction rules

Binu Jose Philip binu.j.philip at sun.com
Fri Jun 2 04:27:58 PDT 2006


Archana Shah <archana.shah at wipro.com> writes:

> Hi Binu,
>
> Thanks for the reply.
>
> I could make it work on Linux but on Solaris, it did not work. I tried
> to change PAM to use authtok_check for the passwd.  But it did not
> work. :-(
>
> I don't know how we configure pam.conf to achieve the same. Could
> you please provide some more help?

It is so much easier when I don't have to think ;-)

Things have changed for the better from when I last touched PAM.
The default pam.conf has pam_authtok_check in the password stack.

...
#
other	password required	pam_dhkeys.so.1
other	password required	pam_authtok_get.so.1
other	password requisite	pam_authtok_check.so.1   <<< here it is towards the end of pam.conf
other	password required	pam_authtok_store.so.1
#
...

Turns out, you need to edit /etc/default/passwd to set the
configurables to values that suit you. Try that and let us know.

cheers
Binu

ps <feel good>:

It gives a warm and fuzzy feeling to think that, a year ago, I couldn't
have said: if you want to check the code to verify whether it
does everything you want, look at

http://cvs.opensolaris.org/source/xref/on/usr/src/lib/pam_modules/authtok_check/authtok_check.c

and modify it if needed ;-)



> Regards,
> Archana.
>
> Binu Jose Philip wrote:
>
>>Archana Shah <archana.shah at wipro.com> writes:
>>
>>
>>
>>>Hi,
>>>
>>>When a user changes the password, it has to follow certain rules, like:
>>>the password should not be less than 8 characters and it should not
>>>be based on the username, etc.
>>>
>>>I want the root user also to follow the password construction rules,
>>>i.e. when changing any user's passwd as the root user, it should still
>>>follow those rules. How do I make this work? Could somebody help me,
>>>please?
>>>
>>>
>>
>>Your best bet is to set up PAM to use authtok_check. IIRC, it can
>>do everything pam_passwdqc does in Linux. The root restrictions
>>you need can also be done through pam.conf tweaks.
>>
>>The pam(3pam) man page and/or docs.sun.com can tell you more.
>>
>>cheers
>>Binu
>>
>>
>>
>>>Regards,
>>>Archana.
>>>
>>>
>>>
>>>_______________________________________________
>>>ug-bosug mailing list
>>>List-Unsubscribe: mailto:ug-bosug-unsubscribe at opensolaris.org
>>>List-Owner: mailto:ug-bosug-owner at opensolaris.org
>>>List-Archives: http://www.opensolaris.org/jive/forum.jspa?forumID=54
>>>
>>>
>>
>>
>>
>
>
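
An added example, not part of the original thread or of any Solaris tooling: a shell check that the password stack loads pam_authtok_check (as in the pam.conf excerpt above) and that /etc/default/passwd meets the two rules asked for (at least 8 characters, not based on the username). The PASSLENGTH and NAMECHECK keys and their fallback values of 6 and YES are assumptions about the stock file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Solaris-style password policy for the two rules asked
# for in the thread (length >= 8, password not based on the login name).

# effective FILE KEY DEFAULT: value of an uncommented KEY=value line, or
# DEFAULT if the key is not set. If a key repeats, this sketch takes the last.
effective() {
    val=$(sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" |
        tail -n 1)
    echo "${val:-$3}"
}

# audit_policy PAM_CONF PASSWD_DEFAULTS: prints findings, returns 0 when clean.
audit_policy() {
    rc=0
    # An uncommented "password" stack line must load pam_authtok_check.
    if ! grep -v '^[[:space:]]*#' "$1" |
        grep -q '[[:space:]]password[[:space:]].*pam_authtok_check\.so'; then
        echo "FAIL pam_authtok_check is not in the password stack"; rc=1
    fi
    # Fallbacks 6 and YES are assumed shipped defaults, not taken from the post.
    len=$(effective "$2" PASSLENGTH 6)
    case "$len" in
        ''|*[!0-9]*) echo "FAIL PASSLENGTH=$len is not a number"; rc=1 ;;
        *) [ "$len" -ge 8 ] || { echo "FAIL PASSLENGTH=$len (want >= 8)"; rc=1; } ;;
    esac
    name=$(effective "$2" NAMECHECK YES)
    case "$name" in
        [Nn][Oo]) echo "FAIL NAMECHECK=$name (login-name check disabled)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK policy meets both rules"
    return "$rc"
}

# Constructed sample files (not from a real host); on a live system pass
# /etc/pam.conf and /etc/default/passwd to audit_policy instead.
d=$(mktemp -d) && {
    printf 'other\tpassword requisite\tpam_authtok_check.so.1\n' > "$d/pam.conf"
    printf '#PASSLENGTH=6\nNAMECHECK=NO\n' > "$d/passwd"
    audit_policy "$d/pam.conf" "$d/passwd" || true
    rm -rf "$d"
}
```

The check only reads the two files; whether the rules are also applied when root changes a password is decided by the PAM stack itself, which this script does not test.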