On 6/23/06, Bhaskar <abc.bhaskar(a)gmail.com> wrote:
>
> THat is correct. You will also need to run through /etc/shadow and
> make sure that any account with passwords has the correct values in
> them also.
What do you exactly mean by running through /etc/shadow.
After you have gotten approval for a policy (or had a policy laid out)
you would go through existing accounts and retrochange their ages.
for acct in `awk -F: '{print $1}'`; do
chage -m 5 -M 90 ${acct}
done
And then force everyone who already has an account to change their
passwords at next setting.
> Password history you will need to use the pam_passwdqc moduel in pam.
>
> Most security policies will ask for a minimum length of 7 characters
> (though 8 is preferred), and a change time of 90 days.
As I mentioned, I changed /etc/pam.d/system-auth file and /etc/login.defs
file(Made minimum password length as 9), but it is not reflecting when the
user issues passwd command.
That I didn't see before in your message.
I will do some home work here and get back to you on Monday.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator