I need to implement some better control for passwords on a our slackware servers. I have always manually done this but the need for some automation routines to handle a lifetime check, length, complexity and history. Does anyone know of a utility that can assist me in this regard?
Asked
Active
Viewed 870 times
1 Answers
2
For password lifetimes, you can set the maximum age in /etc/login.defs
. For length and complexity checks, that's a feature of pam_cracklib
, which should be enabled somewhere in /etc/pam.d/
. You can read the man page for a list of all the options.
Unfortunately I haven't seen anything that keeps track of a password history, the best cracklib can do is compare against the previous password.
![](../../users/profiles/5922.webp)
Kamil Kisiel
- 11,946
- 7
- 46
- 68
-
Slack doesn't do PAM. Or it hasn't done it in the past, I haven't played with it in a while. You can always test your shadow file with John the Ripper and some wordlists. – Marcin Aug 11 '09 at 16:49
-
pam_cracklib can remember more than 1 previous password. The documentation suggests that the realistic limit to this is about 400 previous passwords per user due to internal limits. – Travis Campbell Aug 11 '09 at 21:06