Hi, I've been hardening a box (woody installation upgraded to sarge) by following along the Securing Debian howto.
I added the following two lines (which aren't exact copies of those in the hwoto) to /etc/pam.d/common-password: password required pam_cracklib.so retry=3 minlength=12 difok=3 password required pam_unix.so use_authtok md5 min=12 max=128 To test this I created a new user with a 7 character password. That was accepted no problems, no complaints. The new user was able to login, similarly with no complaints about the password being too short. Both /etc/pam.d/login and /etc/pam.d/passwd reference /etc/pam.d/common-password (@include common-passwd), so I would think they should have rejected this 7 character password. Any suggestions as to what I may have not set up properly? I think the following should be anecdotal, but it was peculiar so maybe it means something. I had to install libpam-cracklib to do this. The Securing Debian howto said I would also need to install a wordlist such as wbritish for cracklib to work. Installing libpam-cracklib pulled in cracklib-runtime, and cracklib2 but didn't require me to have a word list. I figured that the howto was out of date on this issue. However, when I first tried to create this new user, passwd crapped out with the error "Critical error - immediate abort". A google result suggested installing wbritish and run /etc/cron.daily/cracklib. That allowed me to create the new user. End of anecdote. Thanks, gc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
