Password Policy

[atif1980]

Hi All,

I want to implement Passowrd Policy, below mentioned are our organization password policy

a. Minimum password length is 8 characters
b. Passwords must contain at least three of the following four
o Lowercase alpha (a, b, c, etc)
o Uppercase alpha (A, B, C, etc)
o Number (0, 1, 2, 3, etc)
o Special character (!, @, #, $, etc)
c. For users accounts password must expire after every 90 days but for servers and network nodes password must expire in 30 days.
d. For user accounts old passwords cannot be re-used during the last six (06) password cycles but for server and network nodes password cannot be reused.
e. Accounts must be locked after 6 failed login attempts and will only be reactivated by contacting help desk

Kindly guide me how I am able to do this. Kindly note that, My CentOS machine is standalone and using for TACACS+.

Regards,
Atif.

[pschaff]

Welcome to the CentOS fora.

A few of those can be set in /etc/default/useradd and /etc/login.defs but for that complex set of rules the real solution would seem to be one implemented through authentication via a corporate/organizational server.

[atif1980]

Hi Phil,

Thanks for reply. I am able to applu all restriction with the help of following link

http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords


Regards,

Atif.

[pschaff]

Thanks for posting your solution.

[atif1980]

Hi Phil,


I am getting another issue, as I told earlier that I am using this standalone server as TACACS+ AAA for Juniper and Cisco Routers/Switches. Issue I am facing is that I am not able to get login expiry warning on routers/switches on other hand while login directly on server I am able to get warning. Kindly guide me...


Regards,
Atif.

[pschaff]

Not my area of expertise. I suggest opening a new topic with the question.

[Haxi052]

Hi,
Useful info. Hope to see more good posts in the future.