PAM ile kullanici sifre force islemleri

Uzun zamandir PAM ile ilgili onume ne gelirse okumaya calisiyorum, ancak dun tuxtraining da karsilastigim PAM dokumani kadar hosuma giden ve bu konuyu iyi anlatmis bir dokumana rastlamadim.
Kisa bir bolumunu alinti yapacagim makaleyi siddetle okumanizi oneririm.

Enforce strong passwords

In this experiment we’ll use the pam_passwdqc module on the password stack to ensure that users choose strong passwords. (Note that this will only make any difference when users set or change their passwords; it won’t winkle out weak passwords that are already set.)

What you need to do: Red Hat already uses the pam_cracklib module to check password strength in the common system-auth file. We simply need to replace the pam_cracklib line with a line that looks something like this:

password    requisite    pam_passwdqc.so  min=12,10,10,8,6 retry=3


Figure 3 above attempts to illustrate the parameters to pam_passwdqc. The test of a password’s strength is based on its length, but you can set different minimum lengths depending on the number of character classes in your password. There are four character classes: lower case, upper case, digits, and other characters. Upper case letters used as the first character and digits used as the last character of a password don’t count.

How to test it: Try changing your password to various strings; in each case count the number of characters and the number of character classes in the string and predict if it should be an acceptable password. There are a few examples in the table below

Kaynak: http://tuxtraining.com/2009/04/07/how-pam-works