Last week I talked about testing the strength of users’ passwords. Another
way to ensure security is to set a good password policy.
The PAM module pam_cracklib can enforce both length and
complexity. For length, it uses the minlen option. For complexity, it
has options dcredit, ucredit, lcredit, and
ocredit, which refer to digit, upper-case character, lower-case
character, and other character, respectively. A value of -1 for one of these
means “require one character of this type,” and a value of 1 means “give 1
credit for this type.” The credit system involves giving “length credits” for
using non-lowercase characters (so you can have a shorter password than the
minimum length if it uses non-lowercase characters), but this can be confusing
for users, so it may be best to just require certain types of character.
Try the following line in /etc/pam.d/common-password in Debian-type distros or
/etc/pam.d/system-auth in RedHat-type distros:
password requisite pam_cracklib.so retry=3 minlen=10
difok=3 dcredit=-1 ucredit=-1 lcredit=-1
|
This will set a maximum of three attempts at getting an acceptable password (users
can always rerun passwd to try again); a 10-character minimum length;
a minimum of three characters different from the last password; and a requirement
that the password contain at least one each of digit, lower-case character,
and upper-case character.
Finally, to make all your users change their passwords regularly, edit the
/etc/login.defs file to set the PASS_MAX_DAYS variable to
the maximum time allowed before changing a password. This affects only new
accounts; use the command chage to affect existing users.
This article was first published on ServerWatch.com.
RELATED NEWS AND ANALYSIS
-
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
-
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
-
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
-
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
-
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
-
Top 10 AIOps Companies
FEATURE | By Samuel Greengard,
November 05, 2020
-
What is Text Analysis?
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
-
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
-
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
-
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
-
Top 10 Chatbot Platforms
FEATURE | By Cynthia Harvey,
October 07, 2020
-
Finding a Career Path in AI
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
-
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
-
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
-
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
-
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
-
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
-
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
-
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
-
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
