OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Security PAM Problem
From: David Homer (davidhomerhotmail.com)
Date: Wed Nov 29 2000 - 13:06:13 CST

Hello,

I have purchased RedHat 7 standard and Im having problems with PAM (I spoke
to Michael) see below for our conversation and he suggested I speak to
you...

Basically I want to use WU IMAP but this uses PAM which is too good! I need
to be able for users to set simple passwords (this is for schools) without
the usual password length and dictionary checks...

I tried removing the pam_cracklibs line from /etc/pam.d/system-auth but with
no luck (see conversation below)

Any ideas? The council is about to bin this project in exchange from M$
Proxy and Exchange server if I dont get it sussed this week...

Thanks loads,

Dave

>From: "Michael K. Johnson" <johnsonmredhat.com>
>To: "David Homer" <davidhomerhotmail.com>
>Subject: Re: Security PAM Problem
>Date: Wed, 29 Nov 2000 13:40:41 -0500
>
>
>I gave you another contact; pam-listredhat.com is better than asking
>any one person. I haven't personally been involved in PAM for a few
>years. That doesn't mean that no one at Red Hat has any idea. I
>am just in a completely different group and it's not what I specialize
>in any more.
>
>michaelkjohnson
>
> "He that composes himself is wiser than he that composes a book."
> Linux Application Development -- Ben Franklin
> http://people.redhat.com/johnsonm/lad/
>
>
>"David Homer" writes:
> >Oh man! You're from RedHat and you dont know... This is not good - is
>there
> >anyone else at RedHat that might know about this
> >
> >This is basically going to get my project binned and Linux scrapped
>totally
> >from being used in the schools if I dont sort this THIS WEEK!
> >
> >Please any other contacts or anything will be much appreciated!!!!
> >
> >
> >Thanks again
> >
> >
> >Dave
> >
> >
> >
> >
> >>From: "Michael K. Johnson" <johnsonmredhat.com>
> >>To: "David Homer" <davidhomerhotmail.com>
> >>Subject: Re: Security PAM Problem
> >>Date: Wed, 29 Nov 2000 12:13:40 -0500
> >>
> >>
> >>Then I'm not sure; pam_unix might be doing its own checks. I haven't
> >>touched pam for a while... pam-list is probably a better place to
> >>ask.
> >>
> >>michaelkjohnson
> >>
> >> "He that composes himself is wiser than he that composes a book."
> >> Linux Application Development -- Ben Franklin
> >> http://people.redhat.com/johnsonm/lad/
> >>
> >>
> >>"David Homer" writes:
> >> >Hey thanks for the reply!
> >> >
> >> >I am using RedHat 7 and the version of PAM that came with RedHat7
> >> >
> >> >The file that is used system-auth - I have edited the system-auth file
> >>and
> >> >commented out the pam_craclib line and now the first time I put a
> >>password
> >> >in it doesnt check it but it then asks for the password to be
>confirmed
> >>and
> >> >the usual rules kick in and the password is rejected based on size,
> >> >dictionary check etc etc
> >> >
> >> >Am I missing something here
> >> >
> >> >
> >> >PS I also removed the pam_cracklib.so file so its not using it...
> >> >
> >> >
> >> >Thanks
> >> >
> >> >
> >> >Dave
> >> >
> >> >
> >> >
> >> >
> >> >>From: "Michael K. Johnson" <johnsonmredhat.com>
> >> >>To: "David Homer" <davidhomerhotmail.com>
> >> >>Subject: Re: Security PAM Problem
> >> >>Date: Wed, 29 Nov 2000 10:04:55 -0500
> >> >>
> >> >>
> >> >>/etc/pam.d/passwd or system-auth (depending on version)
> >> >>remove or comment out the pam_cracklib line.
> >> >>
> >> >>"David Homer" writes:
> >> >> >Hello,
> >> >> >
> >> >> >
> >> >> >Sorry to bother you but I have a problem with PAM in that it gives
>too
> >> >>much
> >> >> >security and I've seen that you deal with PAM.
> >> >> >
> >> >> >
> >> >> >
> >> >> >I need users to be able to change their password to a simple four
> >>letter
> >> >>or
> >> >> >more word with no dictionary checks etc... (This is for schools
>e-mail
> >> >> >servers)
> >> >> >
> >> >> >
> >> >> >
> >> >> >I am using RedHat 7 with PAM-0.72-26 that came with it
> >> >> >
> >> >> >
> >> >> >
> >> >> >What I've done...
> >> >> >
> >> >> >I have edited /etc/pam.d/system-auth and commented out the
> >> >>pam_cracklib.so
> >> >> >line and when you put the new password in its ok but when you are
> >>asked
> >> >>to
> >> >> >reenter password the normal check applies and the passwords are
> >>rejected
> >> >>by
> >> >> >length, dictionary check and not enough different characters etc
>etc
> >> >> >
> >> >> >
> >> >> >How can I stop these checks for new user passwords?
> >> >> >
> >> >> >
> >> >> >Any help would be great!
> >> >> >
> >> >> >
> >> >> >Thanks
> >> >> >
> >> >> >
> >> >> >Dave
> >> >> >
> >> >> >
> >> >>
> >>
> >_____________________________________________________________________________________
> >> >> >Get more from the Web. FREE MSN Explorer download :
> >> >>http://explorer.msn.com
> >> >> >
> >> >>
> >> >
> >>
> >_____________________________________________________________________________________
> >> >Get more from the Web. FREE MSN Explorer download :
> >>http://explorer.msn.com
> >> >
> >>
> >
> >_____________________________________________________________________________________
> >Get more from the Web. FREE MSN Explorer download :
>http://explorer.msn.com
> >
>

_____________________________________________________________________________________
Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list