diff options
| author | Patrick J Volkerding <volkerdi@slackware.com> | 2020-02-11 04:45:36 +0000 |
|---|---|---|
| committer | Eric Hameleers <alien@slackware.com> | 2020-02-11 08:59:47 +0100 |
| commit | e1ab44f93f91f5c967ac1b7143c7a8ac287d1a52 (patch) | |
| tree | 34c8b4e186959832c23d97726c0646e23b701085 /source/a/shadow | |
| parent | 0582d0c1740d0bce4f06ec9f682d87a766b50b57 (diff) | |
| download | current-e1ab44f93f91f5c967ac1b7143c7a8ac287d1a52.tar.gz | |
Tue Feb 11 04:45:36 UTC 202020200211044536
ap/man-pages-5.05-noarch-2.txz: Rebuilt.
Clean up /usr/man directory moving miscellaneous documentation to
/usr/doc/man-pages-5.05. Thanks to Xsane.
d/python-setuptools-45.2.0-x86_64-1.txz: Upgraded.
n/nfs-utils-2.4.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.5.0esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.5.0/releasenotes/
Diffstat (limited to 'source/a/shadow')
| -rw-r--r-- | source/a/shadow/pam.d/system-auth | 70 |
1 files changed, 24 insertions, 46 deletions
diff --git a/source/a/shadow/pam.d/system-auth b/source/a/shadow/pam.d/system-auth index 5fa10c80..98b4afbc 100644 --- a/source/a/shadow/pam.d/system-auth +++ b/source/a/shadow/pam.d/system-auth @@ -1,7 +1,7 @@ #%PAM-1.0 # # Most of these PAM modules have man pages included, like -# PAM_UNIX(8) for example. +# pam_unix(8) for example. # ################## @@ -35,52 +35,30 @@ account required pam_unix.so account sufficient pam_succeed_if.so uid < 100 quiet account required pam_permit.so -##################### -# Password handling # -##################### -# -# If you have CrackLib installed and enabled -# -# Passwords will be checked against a huge dictionary and need to -# have at least 6 characters (cracklib can't use 5). Some options -# of cracklib modules are: -# -# difok Number of characters that needs to be different -# between old and new characters -# minlen Password minimal length -# retry How many times the user can try bad new passwords -# dcredit,ocredit,ucredit,lcredit -# Digiti, Others, Uppercase, Lowercase characters -# Positive numbers marks the max number of credits given -# by one character class. With dcredit=5 and minlen=6, you -# can't use a full numeric password because more than 5 -# digit characters doesn't count credits to achieve the -# minimal length -# Negative numbers determine that a password needs to have -# at least N characters -# -# You can see many other pam_cracklib options at pam_cracklib(8) manpage -# -# Also, the "use_authtok" option for pam_unix is for working with pam_cracklib -# in sharing the password stack. See pam_unix(8) for more details. -# -# If you need to use CrackLib to enforce your passwords, uncomment -# two statements: -#password requisite pam_cracklib.so retry=3 minlen=6 \ -# difok=1 dcredit=5 ocredit=5 ucredit=5 lcredit=5 -#password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok -# -# -- -# A less intense option for cracklib, is: -#password requisite pam_cracklib.so retry=3 -#password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok -# -- -# The default is the "traditional" way without CrackLib. -# Passwords need to have at least 8 characters. If you are using Cracklib, -# please comment the next statement. -password sufficient pam_unix.so nullok sha512 shadow minlen=8 +############################# +# Password quality checking # +############################# +# +# Please note that unless cracklib and libpwquality are installed, setting +# passwords will not work unless the lines for the pam_pwquality module are +# commented out and the line for the traditional no-quality-check password +# changing is uncommented. +# +# The pam_pwquality module will check the quality of a user-supplied password +# against the dictionary installed for cracklib. Other tests are (or may be) +# done as well - see: man pam_pwquality +# +# Default password quality checking with pam_pwquality. If you don't want +# password quality checking, comment out these two lines and uncomment the +# traditional password handling line below. +password requisite pam_pwquality.so minlen=6 retry=3 +password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok + +# Traditional password handling without pam_pwquality password checking. +# Commented out by default to use the two pam_pwquality lines above. +#password sufficient pam_unix.so nullok sha512 shadow minlen=6 -# ATTENTION: keep the line for pam_deny.so +# ATTENTION: always keep this line for pam_deny.so: password required pam_deny.so ######################### |