PAM and Password complexity

Hi,
I’m using SLES 10 and have a need to prevent users from using their username in their password.
Currently, my /etc/pam.d/common-password shows:
password required pam_pwcheck.so
password required pam_cracklib.so use_authtok difok=4 retry=3 minlen=12 lcredit=-2 ucredit=-2 dcredit=-2 ocredit=-2
password required pam_pwcheck.so remember=24 use_authtok use_first_pass
password required pam_unix2.so use_authtok use_first_pass

I know Redhat’s pam_cracklib supports reject_username, but it doesn’t seem to work with SLES10.

Does anyone have any idea how I can accomplish this?

Thanks in advance.

SLES11 pam_cracklib does support the reject_username parameter, as I use it…

Unfortunately I don’t have any SLES10 systems…

Michael.

SLES11 pam_cracklib module does support the reject_username param

Unfortunately I don’t have any SLES10 systems to check it…

Michael.

Hi jombiejp,

[QUOTE=jombiejp;29638]Hi,
I’m using SLES 10 and have a need to prevent users from using their username in their password.
[…]
I know Redhat’s pam_cracklib supports reject_username, but it doesn’t seem to work with SLES10.[/QUOTE]

SLES10 is pretty old :wink: The first SLES version I remember to ship pam_cracklib with support for that parameter was SLES11SP3 - maybe SLES11SP2 had it, SP1 didn’t.

[QUOTE=jombiejp;29638]Does anyone have any idea how I can accomplish this?[/QUOTE]

Not quite the same, I know, but how about periodically updating a pam_cracklib dictionary with all the current user names in it?

Regards,
Jens
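
The dictionary idea suggested above, as an added example (not code posted by anyone in this thread): it merges the login names from a passwd-format file into a base word list and packs the result for cracklib. The function names, the file locations and the presence of `cracklib-packer` on the PATH are assumptions; the sample data inside `demo` is constructed.

```shell
#!/bin/sh
# Added example; function names and file locations are assumptions.

# Print login names from a passwd-format file, lower-cased, one per line.
list_usernames() {
    awk -F: '
        /^[#+-]/ || NF < 7 { next }   # skip comments, NIS compat entries, junk
        $1 != "" { print tolower($1) }
    ' "$1"
}

# Merge a base word list with the account names: lower-case, no blank
# lines, byte-order sorted and unique, which is what the packer expects.
merge_wordlist() {
    { tr 'A-Z' 'a-z' < "$1"; list_usernames "$2"; } |
        grep -v '^[[:space:]]*$' | LC_ALL=C sort -u
}

# Pack a merged list into <prefix>.pwd/.pwi/.hwm. Returns 2 when the
# cracklib tools are not installed, so callers can tell "skipped" from "failed".
build_dict() {
    command -v cracklib-packer >/dev/null 2>&1 || return 2
    cracklib-packer "$2" < "$1" >/dev/null
}

# Constructed sample data so the merge can be tried without touching /etc.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'password\nSummer\n\nqwerty\n' > "$tmp/base.txt"
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
JSmith:x:1000:100:J Smith:/home/jsmith:/bin/bash
# local comment line
+::::::
summer:x:1001:100:Summer Lee:/home/summer:/bin/bash
EOF
    merge_wordlist "$tmp/base.txt" "$tmp/passwd"
    rm -rf "$tmp"
}

# Real use (for example from cron): sh update-dict.sh WORDS PASSWD PREFIX
if [ "$#" -eq 3 ]; then
    words=$(mktemp) || exit 1
    merge_wordlist "$1" "$2" > "$words" && build_dict "$words" "$3"
    rc=$?; rm -f "$words"; exit "$rc"
fi
```

Build into a fresh prefix and switch pam_cracklib over only after the pack succeeds; whether the SLES10 module accepts a `dictpath=` option for that prefix needs checking on the system itself. cracklib rejects passwords it can derive from a dictionary word, which is not the same as a substring test on the username.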

Yeah. SLES10 is rather old, but it’s what we have :slight_smile:
Thanks for the idea, jmozdzen