• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

How to Require Unique Passwords

Could you try your luck in helping me find a way to require unique passwords on Red Hat?  Everything I've found so far is advice on CHOOSING a unique password - nothing so far on requiring that your users choose one.
0
MgBoonsboro
Asked:
MgBoonsboro
  • 2
  • 2
1 Solution
 
CoccoBillCommented:
I believe RedHat (Fedora?) uses pam_cracklib: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
0
 
TintinCommented:
Depends a little on what you consider to be a "unique" password.  Do you mean that no one else on the system should have the same password as anyone else?
0
 
m1tk4Commented:
You can not do that, and, realistically, it would make very little sense if you could.

If you enforced the rule, the error message would alert the user that the password already exists. From there, it's only one step to try all usernames in /etc/passwd which is world-readable.

The encrypted passwords in /etc/shadow use username/uid as part of crypt salt, so even if 2 different users do have the same password, their hashes would look different in that file.
0
 
TintinCommented:
I realise that unique passwords would be very silly, I suspect "unique" should read "strong".
0
 
m1tk4Commented:
I see :) . Add this:

password     required     pam_cracklib.so retry=3 minlength=10

to /etc/pam.d/passwd

.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now