Tuesday, May 15, 2012

Weak password: not enough different characters or classes.

Для нового класса студентов понадобилось установить какой-нибудь простенький пароль на cellmonitor. Однако возникла Problem:

[root@ed01cel02 cellos]# passwd cellmonitor
Changing password for user cellmonitor.

You can now choose the new password or passphrase.

A good password should be a mix of upper and lower case letters,
digits, and other characters.  You can use a 5 character long
password.

A passphrase should be of at least 3 words, 5 to 40 characters
long and contain enough different characters.

Alternatively, if noone else can see your terminal now, you can
pick this as your password: "please_goal!Burma".

Enter new password:
Weak password: not enough different characters or classes.
Try again.

Solution: change enforce=everyone ->  enforce=none

[root@ed01cel02 cellos]# cd /etc/pam.d/

[root@ed01cel02 pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required    pam_unix.so try_first_pass nullok
#auth        required      pam_deny.so

account     required      pam_unix.so

password    requisite     pam_passwdqc.so min=5,5,5,5,5 similar=deny enforce=everyone max=40
password    sufficient    pam_unix.so try_first_pass use_authtok nullok md5 shadow remember=10
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

End think about return enforce=everyone back after new password is set

5 comments:

  1. Changing password for user cellmonitor.

    You can now choose the new password or passphrase.

    A good password should be a mix of upper and lower case letters,
    digits, and other characters. You can use a 5 character long
    password.

    A passphrase should be of at least 3 words, 5 to 40 characters
    long and contain enough different characters.

    Alternatively, if noone else can see your terminal now, you can
    pick this as your password: "please_goal!Burma".

    how can you remove the above suggestion? It is breaking our script.
    Thanks!

    ReplyDelete
    Replies
    1. Hi, DEsi MALton

      Try passwd --stdin or passwd -S oracle, may be it help you.

      Delete
    2. Hi Yuri Pud,

      Thank you for your reply but it didn't work. Would you know how to disable the whole paragraph of suggestion? Basically our script is looking for "password" and "password" twice as we enter and confirm our pasword while changing it. It is working on thousands of servers but not these Oracle Standalone servers.

      Delete
  2. Hi,
    try passwd 1>/dev/null

    For example:
    # passwd 1>/dev/null
    Enter new password:

    ReplyDelete
  3. Hi,

    Thank you very much for your response.

    ReplyDelete

Could not locate shrept.lst make: *** [client_sharedlib] Error 1

 Installing the quarterly database patch i got unpleasant message : " Patching component oracle.sdo, 12.2.0.1.0... Make failed to ...