Thursday, December 30, 2010

Strengthening PAM

If OpenBSD is one of the most secure operating systems out there, then I think Debian should implement stronger passwords by default.

But I guess we will just have to do it ourselves.

Basically, run the following (this is for Debian Lenny):

apt-get install libpam-cracklib

Edit /etc/pam.d/common-password

Comment out line 24, i.e.:

password   required   pam_unix.so nullok obscure md5

Further down you will see

password requisite pam_cracklib.so retry=3 minlen=8 difok=3
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512

Remove the comment markers from these lines, and that's that.

What's interesting is that Debian Squeeze does this automagically.

Personally, I would change minlen to 10 and difok to 6.
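
A quick audit of the result, as an added example that is not from the original post: this shell function reads a PAM password file and checks that pam_cracklib.so is active with minlen and difok at or above the values suggested above (10 and 6), and that pam_unix.so hashes with sha512 rather than md5. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit the password stack edited above (added example; helper names are hypothetical).

# Print numeric OPTION taken from the active (uncommented) lines naming MODULE.
pam_opt() {  # usage: pam_opt MODULE OPTION FILE
    grep -v '^[[:space:]]*#' "$3" | grep -F "$1" | tr -s ' \t' '\n\n' |
        sed -n "s/^$2=\([0-9][0-9]*\)\$/\1/p" | head -n 1
}

# Return 0 only if cracklib is active, meets the thresholds, and pam_unix uses sha512.
check_pam_password() {  # usage: check_pam_password FILE [MIN_LEN] [MIN_DIFOK]
    file=$1; want_len=${2:-10}; want_difok=${3:-6}; rc=0
    if ! grep -v '^[[:space:]]*#' "$file" | grep -q 'pam_cracklib\.so'; then
        echo "FAIL: pam_cracklib.so is not active"; rc=1
    else
        for pair in "minlen:$want_len" "difok:$want_difok"; do
            opt=${pair%%:*}; want=${pair##*:}
            have=$(pam_opt pam_cracklib.so "$opt" "$file")
            if [ -z "$have" ]; then
                echo "FAIL: $opt not set, module default applies"; rc=1
            elif [ "$have" -lt "$want" ]; then
                echo "FAIL: $opt=$have is below $want"; rc=1
            else
                echo "OK:   $opt=$have"
            fi
        done
    fi
    # Flatten all active pam_unix.so lines into one space-separated string.
    unix=$(grep -v '^[[:space:]]*#' "$file" | grep 'pam_unix\.so' | tr -s '\t\n' '  ')
    case " $unix " in
        *" md5 "*)    echo "FAIL: pam_unix.so still hashes with md5"; rc=1 ;;
        *" sha512 "*) echo "OK:   pam_unix.so hashes with sha512" ;;
        *)            echo "FAIL: no sha512 option on pam_unix.so"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the two lines from the post with its suggested values.
sample=$(mktemp)
printf '%s\n' \
    'password requisite pam_cracklib.so retry=3 minlen=10 difok=6' \
    'password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512' \
    > "$sample"
check_pam_password "$sample" || true
rm -f "$sample"
```

On a real system, call it as check_pam_password /etc/pam.d/common-password. pam_cracklib counts character-class credits toward minlen, so accepted passwords can be shorter than the configured number unless the credit options are changed.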


