Package: harden-doc
Version: 3.11
Severity: normal

Hi!

Section 4.11.3 _User login actions: edit /etc/login.defs_[1] talks
about FAIL_DELAY and PASS_MAX_LEN.
However, according to /etc/login.defs itself[2], these two parameters
are now obsoleted by PAM.

I think that some updated information on this topic should be provided
by the manual: how can I set an equivalent configuration with PAM?

I failed to find any delay-related setting in my default[3] PAM
configuration.

I suppose that the PAM equivalent of PASS_MAX_LEN is the max parameter
of the following /etc/pam.d/common-password line:

  password   required   pam_unix.so nullok obscure min=6 max=11 md5

What if I use pam_cracklib.so, as suggested by section 4.11.1
_User authentication: PAM_[1]?

  password   required     pam_cracklib.so retry=3 minlen=12 difok=3
  password   required     pam_unix.so use_authtok nullok md5


[1] which is inside
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.11

[2] on an updated Debian testing system

[3] the system was installed not long before the etch release, using
the network installation CD labelled

  Debian GNU/Linux testing "Etch" - Official Snapshot amd64 NETINST
  Binary-1 20070303-09:19

