Solved

User not able to change password on rhel

Posted on 2014-02-17
7
4,131 Views
Last Modified: 2014-02-18
Hi all,

I know its rsiky but i need to allow User(apart from ROOT) to change password and  that too very simple no complex password policies i need for those users.

for ex.. user name : Jhon
su - jhon
passwd
abcd
abcd

jhon can assign any simple passwrod for himself . no need of root to do that.


for now error is:

[jhon@example ~]$ passwd
Changing password for user jhon.
Changing password for jhon.
(current) UNIX password:
New password:
BAD PASSWORD: it is WAY too short
New password:
BAD PASSWORD: it is WAY too short
New password:
BAD PASSWORD: it is WAY too short
^C
[jhon@example ~]$ passwd
Changing password for user jhon.
Changing password for jhon.
(current) UNIX password:
New password:
BAD PASSWORD: it is based on a dictionary word

please help
0
Comment
Question by:apunkabollywood
  • 4
  • 3
7 Comments
 

Author Comment

by:apunkabollywood
ID: 39864272
Example 2:

Example:

Here I created a account test3 and set the password t, and the password is accepted

[root@localhost ~]# useradd test3
[root@localhost ~]# passwd test3

Changing password for user test3.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
Retype new password:

passwd: all authentication tokens updated successfully.
But when it comes to regular user-mode it is very difficult change a password. Check this example

[avi@localhost ~]$ su - test3
Password:

[test3@localhost ~]$ passwd
Changing password for user test3.
Changing password for test3.
(current) UNIX password:
New password:
BAD PASSWORD: it is based on a dictionary word
Password:

passwd: Authentication token manipulation error
I logged into that account and tried to change the password, but this time it not taking simple password, I just knew that its because of pam (Pluggable authentication module ie: /etc/pam.d/)

What changes I do to set any password from regular user? Like being root if we give any password it will accept even single character also. I want that method in user-mode also

I know it's crazy but I want to learn that's it. I am using CentOS 6.2
0
 
LVL 5

Expert Comment

by:Dave Gould
ID: 39864380
Check the file /etc/login.defs
There is a parameter PASS_MIN_LEN

You might also want to look at the file /etc/pam.d/system-auth and look for a line that resembles this : password requisite pam_cracklib.so try_first_pass retry=3 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1

You can find an interesting article on the subject here:
http://www.itworld.com/endpoint-security/275056/how-enforce-password-complexity-linux
0
 

Author Comment

by:apunkabollywood
ID: 39864461
All thing works but for root not for the regular users :(
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 5

Expert Comment

by:Dave Gould
ID: 39864472
Have you tried modifying the parameters in the files mentionned?
0
 

Author Comment

by:apunkabollywood
ID: 39864482
Yes all combinations all ready - but i fails whenver trying with regular user - it just says simple password or bad password thats it - and after few times it locks
0
 
LVL 5

Accepted Solution

by:
Dave Gould earned 500 total points
ID: 39864619
Try this
Comment all the three lines

 # password requisite pam_cracklib.so try_first_pass retry=3
 # password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
 # password required pam_deny.so
 
Add this line

 password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
 
Make sure that you keep a login session open and test from another session. This way you will not lock yourself out
0
 

Author Closing Comment

by:apunkabollywood
ID: 39866814
Thank you - great help - just a info - only commenting first line did the t rick
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now