MgBoonsboro
asked on
How to Require Unique Passwords
Could you try your luck in helping me find a way to require unique passwords on Red Hat? Everything I've found so far is advice on CHOOSING a unique password - nothing so far on requiring that your users choose one.
I believe RedHat (Fedora?) uses pam_cracklib: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
Depends a little on what you consider to be a "unique" password. Do you mean that no one else on the system should have the same password as anyone else?
You can not do that, and, realistically, it would make very little sense if you could.
If you enforced the rule, the error message would alert the user that the password already exists. From there, it's only one step to try all usernames in /etc/passwd which is world-readable.
The encrypted passwords in /etc/shadow use username/uid as part of crypt salt, so even if 2 different users do have the same password, their hashes would look different in that file.
If you enforced the rule, the error message would alert the user that the password already exists. From there, it's only one step to try all usernames in /etc/passwd which is world-readable.
The encrypted passwords in /etc/shadow use username/uid as part of crypt salt, so even if 2 different users do have the same password, their hashes would look different in that file.
I realise that unique passwords would be very silly, I suspect "unique" should read "strong".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.