
Thread: password restrictions, multiple users

  1. #1
    Associate
    Join Date
    Mar 2006
    Posts
    21

    Question password restrictions, multiple users

    Good day all -

    a newcomer both here and to linux, so be gentle

    There are a lot of accounts already set up. None of them have password restrictions, such as alpha-numeric, expiration dates - the usual.

    I've done some reading and see that passwd or usermod would probably set these, but I want to do it for all existing users at once.

    And I'd also like to set some sort of system policy that will force these settings onto any future account.

    Any ideas? Thanks.

  2. #2
    Advisor Outlaw's Avatar
    Join Date
    May 2001
    Location
    Clifton Park, NY
    Posts
    630
    Something like this will enforce strong passwords and number of bad passwords until account lock

    /etc/pam.d/system-auth (Redhat)

    Code:
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/pam_env.so
    auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
    auth        sufficient    /lib/security/$ISA/pam_pwdb.so likeauth nullok
    auth        required      /lib/security/$ISA/pam_deny.so
    
    account     required      /lib/security/$ISA/pam_pwdb.so
    account     required      /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset
    
    
    password    required      /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 type=
    password    sufficient    /lib/security/$ISA/pam_pwdb.so nullok use_authtok md5 shadow
    password    required      /lib/security/$ISA/pam_deny.so
    
    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_pwdb.so

    Something like this will set password expire, warning etc for new users added

    /etc/login.defs (Redhat)

    Code:
    # Password aging controls:
    #
    #       PASS_MAX_DAYS   Maximum number of days a password may be used.
    #       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
    #       PASS_MIN_LEN    Minimum acceptable password length.
    #       PASS_WARN_AGE   Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS  90
    PASS_MIN_DAYS  15
    PASS_MIN_LEN   8
    PASS_WARN_AGE  10

    Some timeouts (same file)

    Code:
    LOGIN_RETRIES  5
    FAIL_DELAY     4

    To change existing users, you'll have to script something that either does a usermod for all users above a certain UID OR script something that edits /etc/shadow to look like this for users above XXX UID.

    Code:
    user:PASS-HASH:13243:15:90:10:14:-1:-1

  3. #3
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760
    Outlaw is right.

    Another option if you want to do a mass passwd type command is to script up that into a bash script to do the real work.

    (untested example but should work assuming each user has its own /home/ account)

    for i in $(ls /home/); do
        # one passwd call per directory name found under /home
        passwd blahblahparameters "$i"
    done
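
The bulk change that posts #2 and #3 describe, as an added example that is not part of the original posts: it selects accounts by UID from a passwd-format file instead of listing /home, and uses `chage` (not `usermod` or `passwd`) to set the aging values 15/90/10/14 from the /etc/shadow line in post #2. The function names, the 500 UID cutoff and the sample accounts are assumptions made for this example; it only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Aging values taken from the /etc/shadow line in post #2 (min:max:warn:inactive).
MIN_DAYS=15 MAX_DAYS=90 WARN_DAYS=10 INACTIVE_DAYS=14

# list_users FILE MIN_UID [MAX_UID]  (hypothetical helper)
# Print login names whose UID is in range and whose shell is a real
# login shell, so service accounts with nologin/false are left alone.
list_users() {
    awk -F: -v lo="$2" -v hi="${3:-60000}" '
        $3 ~ /^[0-9]+$/ && $3 >= lo && $3 <= hi &&
        $7 !~ /(nologin|false)$/ { print $1 }
    ' "$1"
}

# aging_commands FILE MIN_UID  (hypothetical helper)
# Print one chage command per selected user; run it as well when APPLY=1.
aging_commands() {
    list_users "$1" "$2" | while IFS= read -r u; do
        echo "chage -m $MIN_DAYS -M $MAX_DAYS -W $WARN_DAYS -I $INACTIVE_DAYS $u"
        if [ "${APPLY:-0}" = 1 ]; then
            chage -m "$MIN_DAYS" -M "$MAX_DAYS" -W "$WARN_DAYS" \
                  -I "$INACTIVE_DAYS" "$u" </dev/null
        fi
    done
}

# Constructed sample input, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
ftpupload:x:502:502::/home/ftpupload:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
EOF
}

# Dry run against the sample; on a real host pass /etc/passwd instead.
tmp=$(mktemp) && sample_passwd > "$tmp"
APPLY=0 aging_commands "$tmp" 500
rm -f "$tmp"
```

After a real run, `chage -l <user>` shows the aging fields that were set for an account.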

  4. #4
    Associate
    Join Date
    Mar 2006
    Posts
    21
    Thank you Sir.

  5. #5
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760
    So how did it go, and what did you do that worked?

  6. #6
    Associate
    Join Date
    Mar 2006
    Posts
    21
    When I said I was a newbie, I wasn't kidding. I had to learn how to write a bash script, and now I have one that will generate a clean list of users. I'm going to take that and use the for /do passwd blah blah $i/done idea that you gave me.

    This stuff reminds me a lot of DOS, if any of you ever used it back in the days when windows didn't exist :-)

  7. #7
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760
    I knew a guy who introduced me to BBSes back in the day who regularly got into competitions of batch file creation. From games to utilities that were purely batch files. Quite interesting, and exactly what BASH can do too. BASH is though a bit more refined I think.

    Glad that that tip helped. Just curious as to what fixed your woes. Glad the forums were helpful. Stay here, and you will get answers to most of your hurdles if not all of them.
