Password Special Characters (ocredit) in 6.7

Latest response

HI

Is there anywhere I can find a definitive list of acceptable password special characters that are enforced by the ocredit setting in /etc/pam.d/system-auth?

Regards

Responses

Rohan,

See this discussion from 2014 first at https://access.redhat.com/discussions/1265203.

Then also see this discussion https://access.redhat.com/discussions/1295753 which basically in the whole of that in context points to this location https://github.com/openscap/scap-security-guide, which when you go to RHEL/6/input/remediations/bash/ and look for a script named "accounts_password_pam_ocredit.sh" which has the following:

RHEL6 that you cited
# platform = Red Hat Enterprise Linux 6
. /usr/share/scap-security-guide/remediation_functions
populate var_password_pam_ocredit

if grep -q "ocredit=" /etc/pam.d/system-auth; then
        sed -i --follow-symlinks "s/\(ocredit *= *\).*/\1$var_password_pam_ocredit/" /etc/pam.d/system-auth
else
        sed -i --follow-symlinks "/pam_cracklib.so/ s/$/ ocredit=$var_password_pam_ocredit/" /etc/pam.d/system-auth
fi

RHEL7 just for reference

RHEL/7/input/remediations/bash/ and look for accounts_password_pam_ocredit.sh

# platform = Red Hat Enterprise Linux 7
. /usr/share/scap-security-guide/remediation_functions
populate var_password_pam_ocredit

if egrep -q ^ocredit[[:space:]]*=[[:space:]]*[-]?[[:digit:]]+ /etc/security/pwquality.conf; then
        sed -i "s/^\(ocredit *= *\).*/\1$var_password_pam_ocredit/" /etc/security/pwquality.conf
else
        sed -i "/\(ocredit *= *\).*/a ocredit = $var_password_pam_ocredit" /etc/security/pwquality.conf
fi

Additionally examine the other scripts given away at that location.

p.s. also see https://access.redhat.com/discussions/1404353

Note the remediation_functions that are sourced which is part of the open source scap at the link above.

EDITED to fix bash shell filename