Re: PAM restrictions

[Jeff Licquia <jeff@luci.org>]

On Fri, Jul 07, 2000 at 03:50:48PM -0500, Charles Menzes wrote:
> How does PAM enforce users to use passwords with a minimum n number of
> characters? More importantly, how can this be disabled?

On my box (Debian 2.2), I have this in /etc/pam.d/login:

# The standard Unix authentication modules, used with NIS (man nsswitch) as
# well as normal /etc/passwd and /etc/shadow entries. For the login service,
# this is only used when the password expires and must be changed, so make
# sure this one and the one in /etc/pam.d/passwd are the same. The "nullok"
# option allows users to change an empty password, else empty passwords are
# treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5 passwords the same way that
# `MD5_CRYPT_ENAB' would do under login.defs).
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.

password   required   pam_unix.so nullok obscure min=4 max=8

You probably need to look for lines like that in all of the files in
/etc/pam.d, and change them to the right values (or none).

Of course, doing so is a security risk.  I'm sure you knew that
already - just making sure.
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.