Hi All,
I want to implement Passowrd Policy, below mentioned are our organization password policy
a. Minimum password length is 8 characters
b. Passwords must contain at least three of the following four
o Lowercase alpha (a, b, c, etc)
o Uppercase alpha (A, B, C, etc)
o Number (0, 1, 2, 3, etc)
o Special character (!, @, #, $, etc)
c. For users accounts password must expire after every 90 days but for servers and network nodes password must expire in 30 days.
d. For user accounts old passwords cannot be re-used during the last six (06) password cycles but for server and network nodes password cannot be reused.
e. Accounts must be locked after 6 failed login attempts and will only be reactivated by contacting help desk
Kindly guide me how I am able to do this. Kindly note that, My CentOS machine is standalone and using for TACACS+.
Regards,
Atif.
Password Policy
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Password Policy
Welcome to the CentOS fora.
A few of those can be set in /etc/default/useradd and /etc/login.defs but for that complex set of rules the real solution would seem to be one implemented through authentication via a corporate/organizational server.
A few of those can be set in /etc/default/useradd and /etc/login.defs but for that complex set of rules the real solution would seem to be one implemented through authentication via a corporate/organizational server.
Re: Password Policy
Hi Phil,
Thanks for reply. I am able to applu all restriction with the help of following link
http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords
Regards,
Atif.
Thanks for reply. I am able to applu all restriction with the help of following link
http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords
Regards,
Atif.
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: Password Policy
Thanks for posting your solution.
Re: Password Policy
Hi Phil,
I am getting another issue, as I told earlier that I am using this standalone server as TACACS+ AAA for Juniper and Cisco Routers/Switches. Issue I am facing is that I am not able to get login expiry warning on routers/switches on other hand while login directly on server I am able to get warning. Kindly guide me...
Regards,
Atif.
I am getting another issue, as I told earlier that I am using this standalone server as TACACS+ AAA for Juniper and Cisco Routers/Switches. Issue I am facing is that I am not able to get login expiry warning on routers/switches on other hand while login directly on server I am able to get warning. Kindly guide me...
Regards,
Atif.
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: Password Policy
Not my area of expertise. I suggest opening a new topic with the question.
Re: Password Policy
Hi,
Useful info. Hope to see more good posts in the future.
Useful info. Hope to see more good posts in the future.