[Clip] GEN000580: exec { "sed -i '/^PASS_MIN_LEN/ c\PASS_MIN_LEN\t8' /etc/login.defs": }

Aaron Lippold lippold at gmail.com
Fri Jul 16 15:01:16 CDT 2010


Hi,

Why not just change the init.pp file? That way it stays in the correct
state upon future runs of the content.

A

On Tue, Jul 13, 2010 at 9:07 AM, Aaron Prayther <aprayther at lce.com> wrote:
> Making that change in login.defs seems to be a known bug for not
> actually enforcing the minimum length.
>
> I also changed it from 8 to 14 characters minimum...  STIG reads:
>
> "If a password does not contain a minimum of 14 characters, this is a
> finding.  If the system does not have the capability to enforce greater
> than 8 characters, the password length should be set to 8."
>
> This is the fix I use in the kickstart file after clip:
>
> sed -i.orig -e 's/password\ \ \ \ required\ \ \ \ \ \ pam_cracklib.so\ try_first_pass\ retry=3\ minlen=12\ difok=3\ dcredit=-2\ ucredit=-2\ ocredit=-2\ lcredit=-2\ enforce_root/password\ \ \ \ required\ \ \ \ \ \ pam_cracklib.so\ try_first_pass\ retry=3\ minlen=14\ difok=3\ dcredit=-1\ ucredit=-1\ ocredit=-1\ lcredit=-1\ enforce_root\ maxrepeat=3/g' /etc/pam.d/system-auth
>
> Aaron Prayther
>
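
The quoted sed only changes the file when the whole pam_cracklib line matches character for character, and the reply asks for a fix that stays correct on later runs. The sketch below is an added example, not code from this thread or from CLIP: it checks the minlen actually configured and rewrites only that option. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CLIP code). 14 comes from the STIG text quoted in the thread.
REQUIRED_MINLEN=14

# Print minlen from the first active pam_cracklib password line; print nothing if unset.
cracklib_minlen() {
    sed -n '/^[[:space:]]*password[[:space:]].*pam_cracklib\.so/{
        s/.*[[:space:]]minlen=\([0-9][0-9]*\).*/\1/p
        q
    }' "$1"
}

# Succeed only when minlen is present and at least REQUIRED_MINLEN.
minlen_compliant() {
    current=$(cracklib_minlen "$1")
    [ -n "$current" ] && [ "$current" -ge "$REQUIRED_MINLEN" ]
}

# Idempotent fix: no-op when compliant; otherwise set or append minlen and
# leave every other option on the line alone. Returns 2 if there is no
# pam_cracklib password line to edit (so the gap is reported, not hidden).
enforce_minlen() {
    file=$1
    minlen_compliant "$file" && return 0
    grep -q '^[[:space:]]*password[[:space:]].*pam_cracklib\.so' "$file" || {
        echo "no pam_cracklib password line in $file" >&2
        return 2
    }
    cp -p "$file" "$file.orig"
    # Writing through the redirect keeps the inode, mode and SELinux label.
    sed -e "/^[[:space:]]*password[[:space:]].*pam_cracklib\.so/{
        /[[:space:]]minlen=[0-9]/!s/\$/ minlen=$REQUIRED_MINLEN/
        s/[[:space:]]minlen=[0-9][0-9]*/ minlen=$REQUIRED_MINLEN/
    }" "$file.orig" > "$file"
}

# Constructed sample, not a real system-auth: spacing and options differ from
# the exact string the one-shot sed expects, so that sed would change nothing.
sample=$(mktemp)
printf '%s\n' \
    'auth        required      pam_env.so' \
    'password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=12 difok=3' \
    > "$sample"
enforce_minlen "$sample" && cracklib_minlen "$sample"
```

On a real host the argument would be /etc/pam.d/system-auth, and a non-zero return from `minlen_compliant` can serve as the guard for a configuration-management resource so the fix is reapplied only when the file has drifted.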

