Archive for December, 2014

New PDP Concept Maple

December 3rd, 2014 1 comment

After having the same Pearl kit for the last 20 years, I’ve finally replaced it. I purchased a PDP Concept Maple 7 piece in Transparent Cherry. Beautiful kit. Here’s a couple of pics of assembly:

Categories: Drums and Drumming, Uncategorized Tags:

Setting PAM requirements for password complexity and lifecycle

December 3rd, 2014 No comments

I had a fairly strict requirement at $work for a system that had the following password security requirements:

  • Minimum of 8 characters
  • Minimum of 2 different complexity classes
  • Password expires after 90 days
  • No reuse of the last 5 passwords AND no more than 1 password change per day
  • Temporary lockout after 5 failed attempts in 15 minutes, lockout to last for 15 minutes

Here’s how I solved it:

# cd /etc/pam.d
# cp system-auth-ac system-auth.local
# cp password-auth-ac password-auth.local

Modify both system-auth.local and password-auth.local to include pam_faillock and pam_cracklib. You should end up with something like:

auth required
auth sufficient nullok try_first_pass
auth [default=die] authfail audit deny=5 unlock_time=900 even_deny_root
auth sufficient authfail audit deny=5 unlock_time=900 even_deny_root
auth requisite uid >= 500 quiet
auth required

account required
account sufficient
account sufficient uid < 500 quiet account required password requisite try_first_pass retry=3 type= minlen=8 minclass=2 enforce_for_root password sufficient sha512 shadow nullok try_first_pass use_authtok remember=5 password required

Link the new files into place (to avoid authconfig from overwriting them):

# ln -sf system-auth system-auth.local
# ln -sf password-auth password-auth.local

Edit /etc/login.defs and change:


Apply immediately to root:

# chage -M 90 root
# chage -m 1 root

Categories: System Administration Tags: