Страница 1 из 1

Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-20 20:37:16
Avatar
Как регламентировать минимальную длину пароля чтобы при использовании команды passwd она ругалась если юзер вводит слишком маленький или простой пароль?
Переменные

Код: Выделить всё

:minpasswordlen=9:\
:mixpasswordcase=true:\
не помогают.
Рыл маны там что-то про PAM пишут. Попробовал выставить в /etc/pam.d/passwd

Код: Выделить всё

password	required	pam_passwdqc.so		min=disabled,disabled,disabled,9,9 passphrase=0 random=0
password	required	pam_unix.so		no_warn try_first_pass nullok
вроде все заворкало но только на руте - из под юзера не меняется пароль.

Re: Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-20 21:29:04
dikens3
поправил login.conf а сделать cap_mkdb забыл?

Re: Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-21 18:27:04
Avatar
Неа, не забыл в том то и дело. Не работает и все тут.

Re: Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-22 8:35:01
zingel
The new password should be at least six characters long (which may be
overridden using the login.conf(5) ``minpasswordlen'' setting for a
user's login class) and not purely alphabetic. Its total length must be
less than _PASSWORD_LEN (currently 128 characters).

The new password should contain a mixture of upper and lower case charac-
ters (which may be overridden using the login.conf(5) ``mixpasswordcase''
setting for a user's login class). Allowing lower case passwords may be
useful where the password file will be used in situations where only
lower case passwords are permissible, such as when using Samba to authen-
ticate Windows clients. In all other situations, numbers, upper case
letters and meta characters are encouraged.
если не работает в login.conf, то давай

Код: Выделить всё

dmesg -a

Re: Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-22 14:34:06
Avatar
Я так понимаю что в 7 ветке все именно на PAM замешано вот только как это грамогтно настроить? МАНы скудны инфой.

Код: Выделить всё

[15:29]/root #dmesg -a
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-RELEASE #0: Sun Sep 21 04:48:34 UTC 2008
    root@KOTIK.kolatelecom.ru:/usr/obj/usr/src/sys/KOTIK_KERNEL
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) M processor 1.73GHz (1729.18-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x6d8  Stepping = 8
  Features=0xafe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,C
MOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
  Features2=0x180<EST,TM2>
  AMD Features=0x100000<NX>
real memory  = 1340932096 (1278 MB)
avail memory = 1299673088 (1239 MB)
ACPI APIC Table: <INTEL  ALVISO  >
ioapic0: Changing APIC ID to 1
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <PTLTD   RSDT> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
acpi_ec0: <Embedded Controller: GPE 0x17> port 0x62,0x66 on acpi0
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_button0: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vgapci0: <VGA-compatible display> mem 0xa0000000-0xa0ffffff,0xc0000000-0xc7fffff
f,0x90000000-0x90ffffff irq 16 at device 0.0 on pci1
nvidia0: <GeForce Go 6200> on vgapci0
vgapci0: child nvidia0 requested pci_enable_busmaster
vgapci0: child nvidia0 requested pci_enable_io
nvidia0: [GIANT-LOCKED]
nvidia0: [ITHREAD]
pcib2: <ACPI PCI-PCI bridge> irq 17 at device 28.0 on pci0
pci5: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 16 at device 28.1 on pci0
pci2: <ACPI PCI bus> on pcib3
uhci0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> port 0x1800-0x181f
irq 23 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> port 0x1820-0x183f
irq 17 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> port 0x1840-0x185f
irq 18 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
uhci3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> port 0x1860-0x187f
irq 19 at device 29.3 on pci0
uhci3: [GIANT-LOCKED]
uhci3: [ITHREAD]
usb3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> on uhci3
usb3: USB revision 1.0
uhub3: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
uhub3: 2 ports with 2 removable, self powered
ehci0: <Intel 82801FB (ICH6) USB 2.0 controller> mem 0x80000000-0x800003ff irq 2
3 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb4: EHCI version 1.0
usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
usb4: <Intel 82801FB (ICH6) USB 2.0 controller> on ehci0
usb4: USB revision 2.0
uhub4: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
uhub4: 8 ports with 8 removable, self powered
pcib4: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci6: <ACPI PCI bus> on pcib4
pci6: <network> at device 5.0 (no driver attached)
re0: <RealTek 8169SB/8110SB Single-chip Gigabit Ethernet> port 0x4000-0x40ff mem
 0xb4007000-0xb40070ff irq 20 at device 7.0 on pci6
miibus0: <MII bus> on re0
rgephy0: <RTL8169S/8110S/8211B media interface> PHY 1 on miibus0
rgephy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-F
DX, auto
re0: Ethernet address: 00:0a:e4:fa:d2:1c
re0: [FILTER]
pci6: <bridge, PCI-CardBus> at device 9.0 (no driver attached)
pci6: <serial bus, FireWire> at device 9.2 (no driver attached)
pci6: <mass storage> at device 9.3 (no driver attached)
pci6: <base peripheral> at device 9.4 (no driver attached)
pcm0: <Intel ICH6 (82801FB)> port 0x1c00-0x1cff,0x1880-0x18bf mem 0x80000800-0x8
00009ff,0x80000400-0x800004ff irq 21 at device 30.2 on pci0
pcm0: [ITHREAD]
pcm0: <Avance Logic ALC655 AC97 Codec>
pci0: <simple comms, generic modem> at device 30.3 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH6 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37
6,0x18c0-0x18cf irq 16 at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
acpi_tz1: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: [ITHREAD]
psm0: model Generic PS/2 mouse, device ID 0
battery0: <ACPI Control Method Battery> on acpi0
battery1: <ACPI Control Method Battery> on acpi0
acpi_acad0: <AC Adapter> on acpi0
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xcefff,0xd8000-0xdbfff,0xdc000-0xe1fff
 pnpid ORM0000 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1729182449 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 76319MB <TOSHIBA MK8025GAS KA023A> at ata0-master UDMA100
acd0: DVDR <HL-DT-ST DVDRAM GSA-4082N/HR02> at ata0-slave UDMA33
Trying to mount root from ufs:/dev/ad0s4a
Loading configuration files.
kernel dumps on /dev/ad0s4b
Entropy harvesting:
 interrupts
 ethernet
 point_to_point
 kickstart
.
swapon: adding /dev/ad0s4b as swap device
Starting file system checks:
/dev/ad0s4a: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s4a: clean, 156521 free (3153 frags, 19171 blocks, 1.2% fragmentation)
/dev/ad0s4d: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s4d: clean, 1918837 free (21 frags, 239852 blocks, 0.0% fragmentation)
/dev/ad0s4g: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s4g: clean, 245087 free (31 frags, 30632 blocks, 0.0% fragmentation)
/dev/ad0s4e: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s4e: clean, 404035 free (14659 frags, 48672 blocks, 0.7% fragmentation)
/dev/ad0s4f: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s4f: clean, 239641 free (1745 frags, 29737 blocks, 0.7% fragmentation)
Setting hostuuid: ea4efba0-def1-11da-81a4-d316a1188ce9.
Setting hostid: 0x5df5fbe7.
Mounting local file systems:
.
Setting hostname: kotik.kolatelecom.ru.
net.inet.tcp.blackhole:
0
 ->
2

security.bsd.see_other_uids:
1
 ->
0

security.bsd.see_other_gids:
1
 ->
0

security.bsd.conservative_signals:
1
 ->
0

security.bsd.unprivileged_proc_debug:
1
 ->
0

security.bsd.unprivileged_read_msgbuf:
1
 ->
0

hw.syscons.bell:
1
 ->
0

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
Additional routing options:
.
Starting devd.
hw.acpi.cpu.cx_lowest:
C1
 ->
C1

Additional IP options:
.
Mounting NFS file systems:
.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/k
de3 /usr/local/lib/mysql /usr/local/lib/pth
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Clearing /tmp.
Creating and/or trimming log files:
.
Starting syslogd.
Checking for core dump on /dev/ad0s4b...
savecore: no dumps found
Initial i386 initialization:
.
Additional ABI support:
 linux
.
Starting local daemons:
.
Updating motd
.
Mounting late file systems:
.
Configuring syscons:
 keymap
 keyrate
 scrnmap
 font8x16
 font8x14
 font8x8
 allscreens
.
Starting cron.
Local package initialization:
.
Starting background file system checks in 60 seconds.

Mon Sep 22 15:22:42 UTC 2008
ums0: <Logitech USB Receiver, class 0/0, rev 2.00/2.00, addr 2> on uhub2
ums0: 16 buttons and Z dir.
uhid0: <Logitech USB Receiver, class 0/0, rev 2.00/2.00, addr 2> on uhub2


Re: Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-22 15:13:00
zingel
максимальная динаа пароля есть в /usr/include/limits.h

Код: Выделить всё

#if __XSI_VISIBLE
...
#define PASS_MAX                128     /* _PASSWORD_LEN from <pwd.h> */\
минимальная, соответственно задаётся самой прогой. значит вот тут

Код: Выделить всё

man 8 pam_passwdqc

Re: Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-24 14:35:02
Avatar
man 8 pam_passwdqc
И? Там ничего толком не написано.
Сделал же по манам :

Код: Выделить всё

/etc/pam.d/passwd
password   required   pam_passwdqc.so      min=disabled,disabled,disabled,9,9 passphrase=0 random=0
password   required   pam_unix.so      no_warn try_first_pass nullok
Не работает - см. выше - из под рута пашет, а вот рядовые не могут пароль вообще менять.
Или я что-то не так делаю? Тогда как надо?

Re: Длина пароля. FreeBSD 7.0

Добавлено: 2008-09-24 15:15:20
zingel
ну так у Вас всё security.bsd в ноль выставлено,чего добиться то хотите? максимальной защищённости?