cracklib inserted into pam.d/login
dev o'null
here's a configuration for the /etc/pam.d/passwd program:
password required /lib/security/pam_cracklib.so minlen=10 retry=5
it is working fine, however prior to implementation we had dozens of
users who we know used bad passwords, and if they do not change their
passwords themselves, then those bad passwords remain unknown
potential holes in the system; therefore someone suggested we use the
/etc/pam.d/login file to require cracklib checks each and every time a
user logs into the system. apparently this did not work.
we turned off the PAM passwd configuration, changed a user's password
to "piano" and then turned the configuration back; we configured
/etc/pam.d/login as follows
password required /lib/security/pam_cracklib.so minlen=10
service=system-auth
the user was able to login successfully with that password.
login.defs should have nothing to do with it as we want to capture the
LOGIN authentication through PAM. can this be done?