Werner Puschitz
Last fiddled: December 17, 2002.
For information on Red Hat Linux, Installation, Documentation, Kernel, Oracle, and Linux in general, see
www.puschitz.com.
pam_cracklib.so
The Linux-PAM System Administrators' Guide
pam_cracklib Documentation
When you check the
pam_cracklib documentation,
you will notice that my patch here for pam_cracklib has been applied
to pam_cracklib at
http://sourceforge.net.
However, at the time of this writing Red Hat has not applied this patch to their Linux distribution
yet. The following procedure shows how I applied the patch to Red Hat Linux
7.2, 7.3, and Red Hat 2.1 Advanced Server.
Procedure for Patching pam_cracklib.c
By default, pam_cracklib on Red Hat Linux 7.2, 7.3, and Red Hat 2.1 Advanced Server
still does not give you the option to define:
- a minimum number of lower case letters (without credits)
- a minimum number of upper case letters (without credits)
- a minimum number of digits (without credits)
- a minimum number of characters (without credits)
for a password with minimum length x.
See
Enforcing Stronger Passwords for more information.
To address this problem, I wrote a patch where these restrictions can be set by assigning
negative numbers to the pam_cracklib.so parameters minlen, lcredit, ucredit, dcredit,
and ocredit. I tested the patch against Red Hat 7.2, 7.3, and against
Red Hat 2.1 Advanced Server.
The procedure below shows how to patch and install pam_cracklib on Red Hat 7.3.
For Red Hat 7.2 and Red Hat 2.1 Advanced Server, I had to change the source path to reflect
the different version number of PAM. Note that only root can install and compile
pam_cracklib.
Make sure you are always logged in as root when you install the new pam_cracklib.so
shared library in /lib/security in case something goes wrong and you are not able to login
as root any more!
Download the PAM source code and the patch:
For Red Hat 7.3, download pam-0.75-32.src.rpm from
ftp://ftp.redhat.com/pub/redhat/linux/7.3/en/os/i386/SRPMS/,
For Red Hat 7.2, download pam-0.75-14.src.rpm from
ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/.
Download my pam_cracklib patch from here
and save it as "pam_cracklib.c.patch".
Install the PAM source code on your system:
cp pam-0.75-32.src.rpm /usr/src/redhat/SRPMS
cd /usr/src/redhat/SRPMS
rpm -ivh pam-0.75-32.src.rpm
cd /usr/src/redhat/SOURCES/
tar --bzip -xvf Linux-PAM-0.75.tar.bz2
Save the original pam_cracklib.c file and apply the patch:
cd /usr/src/redhat/SOURCES/Linux-PAM-0.75/modules/pam_cracklib
cp /download_dir/pam_cracklib.c.patch .
# patch < pam_cracklib.c.patch
patching file pam_cracklib.c
#
You can see the patched pam_cracklib.c file here.
Compile pam_cracklib.c:
cd /usr/src/redhat/SOURCES/Linux-PAM-0.75
./configure
cd /usr/src/redhat/SOURCES/Linux-PAM-0.75/modules/pam_cracklib
make
Now you should have a shared library called "pam_cracklib.so" in
/usr/src/redhat/SOURCES/Linux-PAM-0.75/modules/pam_cracklib.
ls /usr/src/redhat/SOURCES/Linux-PAM-0.75/modules/pam_cracklib/pam_cracklib.so
Save the old pam_cracklib.so shared library and copy the new pam_cracklib
module to /lib/security:
cp /lib/security/pam_cracklib.so /lib/security/pam_cracklib.so.orig
cp /usr/src/redhat/SOURCES/Linux-PAM-0.75/modules/pam_cracklib/pam_cracklib.so /lib/security/pam_cracklib.so
The information provided in this article shows how I patched the PAM module and is distributed AS
IS.
Every effort has been made to provide the information as accurate as possible, but no warranty or fitness
is implied. The use of this information described herein is your responsibility, and to use it in your own
environments do so at your own risk.
Comments? webmaster_at_puschitz.com