20th June 2008
cajunman4life
Real Name: Aaron Graves

Quote:
Originally Posted by hopla
How have you done that then? By using login.conf settings perhaps? Because I tried those, but never got them to work... The pam_passwdqc also seems more powerful (not just checking if your password is long enough, but also that it contains X number of different character sets etc)

Comment out everything in /etc/pam.d/passwd, and place the following lines:

Code:
password        requisite       pam_passwdqc.so         min=disabled,8,8,8,8 retry=3 enforce=everyone
password        required        pam_unix.so             no_warn try_first_pass nullok
And this will enable this functionality in the system without adding anything to sshd_config. This way, no matter how anyone connects (although SSH is the only method I allow right now but that's not the point) they will be held to these rules.

PS - I was never able to get the settings in login.conf for password strength to work either. I read somewhere that they are silently ignored in favor of pam's configuration, and only exist for backwards compatibility.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
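
An added example, not part of cajunman4life's post: a POSIX shell function that audits a PAM file for the password stack described above (pam_passwdqc active, mandatory, stacked before pam_unix, no length field below the minimum). The name check_passwdqc, the default minimum of 8 (taken from the post's min= values) and both sample files are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the post): audit the "password" stack of a PAM file.
# check_passwdqc FILE [MINLEN] -> prints findings; returns 0 only if all pass.
check_passwdqc() {
    awk -v want="${2:-8}" '
    /^[ \t]*#/ || NF < 3 || $1 != "password" { next }  # active password lines only
    { n++ }                                            # position within the stack
    $3 ~ /pam_passwdqc/ && !qc {
        qc = n; ctl = $2
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^enforce=/) enforce = substr($i, 9)
            if ($i ~ /^min=/)     min = substr($i, 5)
        }
    }
    $3 ~ /pam_unix/ && !ux { ux = n }
    END {
        if (!qc) { print "FAIL: no active pam_passwdqc line"; exit 1 }
        if (ctl != "requisite" && ctl != "required") {
            print "FAIL: control flag " ctl " does not make the check mandatory"; rc = 1 }
        if (ux && ux < qc) { print "FAIL: pam_unix is stacked before pam_passwdqc"; rc = 1 }
        if (enforce == "none" || enforce == "users") {
            print "FAIL: enforce=" enforce " is weaker than enforce=everyone"; rc = 1 }
        k = split(min, f, ",")                         # one field per password kind
        for (i = 1; i <= k; i++)
            if (f[i] != "disabled" && f[i] + 0 < want) {
                print "FAIL: min field " i " allows length " f[i]; rc = 1 }
        if (!rc) print "OK: pam_passwdqc is mandatory and runs first"
        exit rc + 0
    }' "$1"
}

# Constructed sample inputs: the stack from the post, and a weakened variant.
good=$(mktemp); bad=$(mktemp)
cat > "$good" <<'EOF'
password  requisite  pam_passwdqc.so  min=disabled,8,8,8,8 retry=3 enforce=everyone
password  required   pam_unix.so      no_warn try_first_pass nullok
EOF
cat > "$bad" <<'EOF'
#password requisite  pam_passwdqc.so  min=disabled,8,8,8,8 enforce=everyone
password  required   pam_unix.so      no_warn try_first_pass nullok
password  optional   pam_passwdqc.so  min=disabled,8,6,8,8 enforce=users
EOF
check_passwdqc "$good"
check_passwdqc "$bad" || echo "weakened sample rejected"
rm -f "$good" "$bad"
```

Pointing it at the real /etc/pam.d/passwd after an edit confirms the pam_passwdqc line was not left commented out or stacked after pam_unix.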