Total Pageviews

Monday, 1 June 2009

How To disable pam Checking against Dictionary.

Creating Strong passwords

The best password in the world does little good if you cannot remember it; use acronyms or other mnemonic devices to aid in memorizing passwords.
Here is how to create a simple way to create a good password :
  • Over eight characters
  • Combines letters, numbers and symbols
  • Easy for you to remember, but difficult for others to guess

Make all (or some) of the following substitutions

  • For the word "are", use "r"
  • For the word "be", use "b"
  • For the word "for", use 4
  • For the word "nothing", use 0 (zero)
  • For the word "to", use 2
  • For the word "you" use "u"
  • For the word "we", use "v"
  • For any numbers, type the number
  • If permitted, use "&" for and, or "@" for at.

"To be or not to be, that is the question" becomes : 2bOn2BtItQ


"lost is the best Series from 2009" becomes : LsdbSft2&9

A friend of mine asked how to disable password checking against dictionary words in Red Hat using pam here is little how to

Open the following file with your favorite editor /etc/pam.d/system-auth eg # vi /etc/pam.d/system-auth

1) Comment out the line referencing to pam_cracklib

# password optional try_first_pass retry=3

2) Remove "use_authtok" from the line following line.

# password sufficient /lib/security/$ISA/ nullok use_authtok md5 shadow

This will disable Dictionary password checking when creating or changing passwords.

1 comment:

Anonymous said...

I am trying to implement password complexity, saw your post and tried following config in the system-auth file:
password requisite try_first_pass retry=3 minlen=9 dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-2 enforce_for_root
password sufficient md5 shadow nullok try_first_pass

All the conditions are working fine, but the dictionary check is still enabled which I want to remove.
Getting the following msg:

BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word