Tuesday, 25 June 2013

How to Enforce Password Strength using PAM

Problem: You want your users to employ strong passwords.
 

Solution: Use the pam_cracklib PAM module to test and enforce password strength requirements automatically. 

edit the parameters in the pam_cracklib module in 

/etc/pam.d/system-auth.

To increase the number of consecutive times a user can enter an incorrect password, change the retry parameter from its default of 3;

password required /lib/security/pam_cracklib.so retry=3

NOTE: PAM allows recursion via the pam_stack module that is, one PAM module can invoke another.

No comments:

Post a Comment