Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforcing password policies in CoreOS #2581

Open
Eshakk opened this issue May 14, 2019 · 2 comments

Comments

Projects
None yet
3 participants
@Eshakk
Copy link

commented May 14, 2019

Issue Report

How can I enforce password policies in CoreOS ?

I tried to use pam_cracklib.so to enforce requirements like minimum number of uppercase letters, lowercase letters, other characters etc,. But, in journals, I got a message saying pam_cracklib.so is not found.

Under [pam] section in sssd.conf documentation, I did not find the above mentioned requirements to configure.

Can someone please help me understand how to configure password policies on CoreOS ?

Container Linux Version

$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=2023.5.0
VERSION_ID=2023.5.0
BUILD_ID=2019-03-09-0138
PRETTY_NAME="Container Linux by CoreOS 2023.5.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Environment

CoreOS is running as a VM in a VMware environment.

@dm0-

This comment has been minimized.

Copy link
Member

commented May 14, 2019

Container Linux does not include pam_cracklib. If you want to add PAM modules, the pam.conf format can take an absolute path for the module name (so e.g. write it to /opt or package it for torcx).

@Eshakk

This comment has been minimized.

Copy link
Author

commented May 15, 2019

@dm0-, Thank you for the info. Could you please show me an example ? Where should I add pam.conf file and what is the format ? Could you please point me to some documentation ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.