[Clip] GEN000580: exec { "sed -i '/^PASS_MIN_LEN/ c\PASS_MIN_LEN\t8' /etc/login.defs": }
Aaron Prayther
aprayther at LCE.com
Tue Jul 13 08:07:05 CDT 2010
Making that change in login.defs seems to be a known bug for not
actually enforcing the minimum length.
I also changed it from 8 to 14 characters minimum... STIG reads:
"If a password does not contain a minimum of 14 characters, this is a
finding. If the system does not have the capability to enforce greater
than 8 characters, the password length should be set to 8."
This is the fix I use in the kickstart file after clip:
sed -i.orig -e 's/password\ \ \ \ required\ \ \ \ \ \ pam_cracklib.so\ try_first_pass\ retry=3\ minlen=12\ difok=3\ dcredit=-2\ ucredit=-2\ ocredit=-2\ lcredit=-2\ enforce_root/password\ \ \ \ required\ \ \ \ \ \ pam_cracklib.so\ try_first_pass\ retry=3\ minlen=14\ difok=3\ dcredit=-1\ ucredit=-1\ ocredit=-1\ lcredit=-1\ enforce_root\ maxrepeat=3/g' /etc/pam.d/system-auth
Aaron Prayther
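
Added example (not part of the original message or of CLIP): the sed substitution above changes the file only when the pam_cracklib line matches the expected text exactly, so this sketch sets options by key, fails loudly when no pam_cracklib line exists, and reads the value back. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# set_cracklib_opt FILE KEY VALUE
# Replace KEY=<anything> on the active "password ... pam_cracklib.so" line, or
# append KEY=VALUE if absent. Returns non-zero (file untouched) if no such line.
set_cracklib_opt() {
    tmp=$(mktemp) || return 1
    if awk -v key="$2" -v val="$3" '
        $1 == "password" && /pam_cracklib\.so/ {
            if (!sub("[ \t]" key "=[^ \t]*", " " key "=" val))
                $0 = $0 " " key "=" val
            changed = 1
        }
        { print }
        END { exit (changed ? 0 : 3) }
    ' "$1" > "$tmp"; then
        cat "$tmp" > "$1"    # overwrite in place, keeping owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# get_cracklib_opt FILE KEY -> prints the value now configured (empty if unset)
get_cracklib_opt() {
    awk -v key="$2" '
        $1 == "password" && /pam_cracklib\.so/ {
            for (i = 1; i <= NF; i++)
                if (index($i, key "=") == 1) { print substr($i, length(key) + 2); exit }
        }' "$1"
}

# Constructed sample of /etc/pam.d/system-auth (not taken from a real host).
make_sample() {
    cat > "$1" <<'EOF'
auth        required      pam_env.so
password    required      pam_cracklib.so try_first_pass retry=3 minlen=8 difok=3
password    sufficient    pam_unix.so sha512 shadow use_authtok
EOF
}

demo=$(mktemp) && make_sample "$demo"
set_cracklib_opt "$demo" minlen 14 && set_cracklib_opt "$demo" maxrepeat 3
echo "minlen=$(get_cracklib_opt "$demo" minlen) maxrepeat=$(get_cracklib_opt "$demo" maxrepeat)"
rm -f "$demo"
```

In a kickstart %post the same calls would target /etc/pam.d/system-auth, with the read-back compared against 14 before the build is accepted.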