I would like to filter the passphrase suggestions that are provided by the passwdqc module when a user tries to change his/her password. For example in the following text
You can now choose the new password or passphrase.
A valid password should be a mix of upper and lower case letters,
digits, and other characters. You can use an X character long
password with characters from at least X of these X classes.
An upper case letter that begins the password and a digit that
ends it do not count towards the number of character classes used.
A passphrase should be of at least 3 words, 16 to 40 characters
long and contain enough different characters.
Alternatively, if noone else can see your terminal now, you can
pick this as your password: "robust-emit&wood".
Is there a ways to filter the passphrase as for example not to show the word "robust" ever. also can I customize the above message?
This is being done to filter out any abusive words that could potentially appear in the suggested password list.
PAM pam_passwdqc.so filter passphrase suggestions
-
- Posts: 2
- Joined: 2014/06/27 18:23:29
Re: PAM pam_passwdqc.so filter passphrase suggestions
Did you read man pam_passwdqc to see what options it has?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2
- Joined: 2014/06/27 18:23:29
Re: PAM pam_passwdqc.so filter passphrase suggestions
I can't find any information regarding custom message or random passphrase generation filters under the man pages. Is there a specific dictionary file that this module uses? if yes can we edit that.?
Re: PAM pam_passwdqc.so filter passphrase suggestions
I had assumed that this part of the man page covered that but perhaps I'm misreading it?I can't find any information regarding custom message
I'm not aware of how it gets its dictionary but running strings /lib64/security/pam_passwdqc.so | less looks to me like it is compiled in.oldpass_prompt_file, newpass_prompt_file = absolute-file-path
These can be used to override prompts while requesting old password and new password,
respectively. The maximum size of the prompt files can be 4096 characters at present. If
the file size is more than 4096 characters, the output will be truncated to 4096 charac-
ters.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke