Hi All,
Need your help in modifying the below parameters for password configuration on SuSe linux server as per SOX Client requirement
Password MinimumLength = 8
Min Upper case chars=1
Min lower case char=1
Min digit chars=1
Min special Chars=1
Lifetime(The maximum period of time, (in days) a user’s password may be in effect before the user is forced to change it.) = 90 days
History(The number of unique new passwords that must be associated with a user account before an old password can be reused) = 24
Minimum password age(The period (in days) that a password must be used before the user can change it)= 2 days
Account Lockout duration(The amount of time a locked-out account remains locked out before automatically becoming unlocked.)=15
Account Lockout threshold(The number of failed sign-in attempts that will cause a user account to be locked.)=6
Kindly help us to set above parameters in our Suse Linux server below is the suse linux version
Linux 4.12.14-197.37-default #1 SMP
cat /etc/SUSE-brand
SLE
VERSION = 15
Thanks for the information.
Kindly let us know is there any specific file where we can edit directly with syntax instead of Yast command.
In yast there is no specific information specified in the link related to below parameters
Min Upper case chars=1
Min lower case char=1
Min digit chars=1
Min special Chars=1
Lifetime
Account Lockout duration
Account Lockout threshold
Hi
The Lifetime can be set via Password Age (10.3), the rest are via pam configuration at https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-pam.html. I would suggest a peruse at the top level as well at https://documentation.suse.com/sles/15-SP1/html/SLES-all/book-security.html
Hi
Current entries in /etc/pam.d/common-password file as per below
password requisite pam_cracklib.so
password optional pam_gnome_keyring.so use_authtok
password required pam_unix.so use_authtok nullok shadow try_first_pass
If i add below entries it will work are else it may impact the settings are i need to remove any of the above entries and then i need to make below entries
password required pam_unix2.so nullok use_authtok md5
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 minlen=12
Please let us know i need to change below parameters as well where i need to edit these parameters
Lifetime(The maximum period of time, (in days) a user’s password may be in effect before the user is forced to change it.) = 90 days
History(The number of unique new passwords that must be associated with a user account before an old password can be reused) = 24
Minimum password age(The period (in days) that a password must be used before the user can change it)= 2 days
Account Lockout duration(The amount of time a locked-out account remains locked out before automatically becoming unlocked.)=15
@Vadapalli those last ones can be done via YaST → Security and Users → Security Center: On the Password Settings section.
Hi Malcolmlewis,
I am unable to see all parameters specified above under Security and Users → Security Center: On the Password Settings section. cross checked with YasT Command as well and that is why i am coming back to you and asking for alternate options.
Please let us know how to make entries in to /etc/pam.d/common-password
if we change password length to 12 whether we need to change password algorithm as well if yes please let us know how to make changes.
Hi Malcomlewis,
Kindly update as we are waiting response from you as we need to implement on Production server on priority basis.
@Vadapalli just a comment, these are peer to peer user Forums, like you I’m just an end user helping out If you want timely support then suggest your raise a Support Request for your issues. Likewise, I’m not sure why you would be rolling out into production an unsupported release of SLES (or do you have a LTSS license, then you have the ability to open a support request?).
In YaST (SLES 15 SP2) I see;
Lifetime - Password Age (Maximum)
History - Number of Passwords to Remember
Min password Age - password Age (Minimum)
Each page has a HELP
button with details of each option in YaST.
Account Lockout duration - See https://www.suse.com/support/kb/doc/?id=000018071
The password length and encryption method (algorithm) are there too in Password Settings.
Hi Malcomlewis,
Thanks for your support.
Can you please let us know how raise a Support request for this issue. We have license.
Please let us know how to raise a Support request.
Hi
@Vadapalli if you login into SUSE Customer Center, https://scc.suse.com/ under 'My Tool’s → Support