After having the same Pearl kit for the last 20 years, I’ve finally replaced it. I purchased a PDP Concept Maple 7 piece in Transparent Cherry. Beautiful kit. Here’s a couple of pics of assembly:
- Unpacked Kit
- Assembled Kit
- Kit fully set up

I had a fairly strict requirement at $work for a system that had the following password security requirements:
- Minimum of 8 characters
- Minimum of 2 different complexity classes
- Password expires after 90 days
- No reuse of the last 5 passwords AND no more than 1 password change per day
- Temporary lockout after 5 failed attempts in 15 minutes, lockout to last for 15 minutes
Here’s how I solved it:
# cd /etc/pam.d
# cp system-auth-ac system-auth.local
# cp password-auth-ac password-auth.local
Modify both system-auth.local and password-auth.local to include pam_faillock and pam_cracklib. You should end up with something like:
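auth required pam_env.so
# Refuse the attempt up front if the account is already locked; without this line, pam_unix (sufficient) lets a locked user in with the correct password
auth required pam_faillock.so preauth silent audit deny=5 unlock_time=900 even_deny_root
auth sufficient pam_unix.so nullok try_first_pass
# Record the failed attempt (fail_interval defaults to 900 seconds, the 15-minute window)
auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900 even_deny_root
auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900 even_deny_root
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
# Clear the failure tally after a successful login
account required pam_faillock.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
# The *credit=0 options stop character classes from counting toward minlen, so minlen=8 means 8 actual characters
password requisite pam_cracklib.so try_first_pass retry=3 type= minlen=8 minclass=2 dcredit=0 ucredit=0 lcredit=0 ocredit=0 enforce_for_root
# remember=5 keeps the last 5 password hashes in /etc/security/opasswd to block reuse
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
password required pam_deny.so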
Link the new files into place (to prevent authconfig from overwriting them):
# ln -sf system-auth.local system-auth
# ln -sf password-auth.local password-auth
Edit /etc/login.defs and change:
PASS_MAX_DAYS 99999 to PASS_MAX_DAYS 90
PASS_MIN_DAYS 0 to PASS_MIN_DAYS 1
The login.defs values only apply to accounts created afterwards, so apply them to root immediately:
# chage -M 90 root
# chage -m 1 root
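
To confirm the settings survive later edits, here is an added example (not part of the original post) that audits a PAM stack file and login.defs against the requirements listed above. The function names are hypothetical; the preauth check is included because pam_unix is `sufficient`, so the lockout is only enforced when a pam_faillock preauth line runs before it.

```shell
#!/bin/sh
# Added example: audit a PAM stack file and login.defs against the policy above.
# Function names are hypothetical. Usage: sh audit.sh /etc/pam.d/system-auth /etc/login.defs

# all_have FILE TYPE MODULE OPTION: true if at least one non-comment TYPE line
# references MODULE and every such line carries OPTION ("" = module merely present).
all_have() {
    awk -v t="$2" -v m="$3" -v o="$4" '
        $1 == t && index($0, m) {
            n++; hit = (o == "")
            for (i = 3; i <= NF; i++) if ($i == o) hit = 1
            c += hit
        }
        END { exit !(n > 0 && n == c) }' "$1"
}

# preauth_first FILE: true if a pam_faillock preauth line precedes pam_unix in the
# auth stack; pam_unix is "sufficient", so a correct password never reaches later lines.
preauth_first() {
    awk '$1 == "auth" && /pam_faillock\.so/ && /preauth/ && !unix { ok = 1 }
         $1 == "auth" && /pam_unix\.so/ { unix = 1 }
         END { exit !ok }' "$1"
}

# defs_value FILE KEY: print the last value set for KEY in login.defs.
defs_value() { awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }

# audit_policy PAMFILE LOGINDEFS: print one FAIL line per unmet requirement and
# return the number of failures (0 = compliant).
audit_policy() {
    pam=$1; defs=$2; fails=0
    check() { if "$@"; then :; else echo "FAIL: $*"; fails=$((fails + 1)); fi; }
    check preauth_first "$pam"
    check all_have "$pam" auth pam_faillock.so deny=5
    check all_have "$pam" auth pam_faillock.so unlock_time=900
    check all_have "$pam" account pam_faillock.so ""
    check all_have "$pam" password pam_cracklib.so minlen=8
    check all_have "$pam" password pam_cracklib.so minclass=2
    check all_have "$pam" password pam_unix.so remember=5
    check [ "$(defs_value "$defs" PASS_MAX_DAYS)" = 90 ]
    check [ "$(defs_value "$defs" PASS_MIN_DAYS)" = 1 ]
    return "$fails"
}

if [ $# -eq 2 ]; then audit_policy "$1" "$2"; fi
```

Run it against both system-auth and password-auth; the exit status is the number of unmet requirements.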