RE: [CBLX] Pb PAM: enfin je suppose

[ Thread Index | Date Index | More lists.tuxfamily.org/carrefourblinux Archives ]

To: <carrefourblinux@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [CBLX] Pb PAM: enfin je suppose
From: "Delaunay Christophe" <christophe.delaunay@xxxxxxxxxxx>
Date: Wed, 1 Apr 2009 10:26:22 +0200
Thread-index: AcmyAFVsZwz7LVJdR9m+fTmbQVmkdAAoTe6w
Thread-topic: [CBLX] Pb PAM: enfin je suppose

Bonjour Samuel,

Tu as écrit:

>Delaunay Christophe, le Tue 31 Mar 2009 14:52:22 +0200, a écrit :
>> Je me suis dit qu'en commentant la première ligne du system-auth, de la façon suivante:
>> 
>> #password    requisite     pam_cracklib.so try_first_pass retry=3
>> 
>> Ça supprimerait la vérification des mots de passe avec pam_cracklib.
>
>Oui. As-tu pensé à le faire dans tous les fichiers qui mentionnent
>cracklib ?

J'ai vérifié un à un les fichiers contenus dans /etc/pam.d. Le seul qui contenait une instruction demandant d'utiliser cracklib était system-auth. Les autres ont des lignes du genre:

password include system-auth

Ou

password substack system-auth

Cependant, il y a un utilitaire qui s'appelle authconfig qui, quand je le lance avec l'option --test, me dit ceci:

----------------------
[root@rennxlxrda013 ~]# authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = "ldap://127.0.0.1/";
 LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_wins is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = "EXAMPLE.COM"
 krb5 realm via dns is disabled
 krb5 kdc = "kerberos.example.com:88"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.example.com:749"
pam_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = "ldap://127.0.0.1/";
 LDAP base DN = "dc=example,dc=com"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = "coolkey"
 smartcard removal action = "Ignore"
pam_smb_auth is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
pam_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_cracklib is enabled ()
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir is disabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
[root@rennxlxrda013 ~]#
----------------------

Est-ce que cet utilitaire "authconfig" existe également sur autre chose que du redhat-like et si oui, comment on fait pour en changer la configuration?

Un authconfig --help m'a donné tout plein d'options possibles mais pas celle qui permettrait de désactiver le "cracklib".

Merci infiniment. Bonne journée. @+ ChD

---
--
   CarrefourBLinuX MailingListe
   Pour obtenir de l'aide, envoyez le sujet  help  à:
   carrefourblinux-request@xxxxxxxxxxxxxxxxxxx
   Archives:
   http://listengine.tuxfamily.org/lists.tuxfamily.org/carrefourblinux

Messages sorted by: [ date | thread ]
Next by Date: [CBLX] Cicero Erreur
Next by thread: [CBLX] Cicero Erreur

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/