Is there a simple way to disable and enable pam on a system

Latest response

We are having an issue with an application that manages our user id/passwds. Because pam gives a bunch af text like this:

 

You can now choose the new password.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from all of these classes.  An upper
case letter that begins the password and a digit that ends it do
not count towards the number of character classes used.

Alternatively, if noone else can see your terminal now, you can
pick this as your password: "crowd;beam!Amazon".

Enter new password:
 

 

The program is fialing to change the passwords.

Is there an easy way to stop this?

Can I turn of PAM short term to test to verify this is actualy causing the problem?

What files are controling this behavior?

 

Thanx

Responses

Are you looking to disable PAM (next to impossible to do) or are you looking to disable the password enforcement mechanisms? If the latter, you should be able to do so by either changing the pam_cracklib.so lines from "requisite" to "optional" or completely commenting out the pam_cracklib.so entries from your /etc/pam.d/* files.

 

Hi Joseph.  Password policies and enforcement sure can be "fun" to test out.  A very neccesary evil these days.

 

We have a great document that talks about setting up pam, the in's and out's and files associated with it:

 

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Managing_Smart_Cards/index.html#Pluggable_Authentication_Modules

 

While you review that I can take a peek to see if I can find some suggestions on things you can try out as you're troubleshooting this password management app.

 

-Chris

thanx all for the info. I will have a look into this. Got taken off on another issue but Ill get back to this shorlty.

Thanks for checking back! Let us know how it works out.

Hello

You can now choose the new password.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from all of these classes.  An upper
case letter that begins the password and a digit that ends it do
not count towards the number of character classes used.

Alternatively, if noone else can see your terminal now, you can
pick this as your password: "crowd;beam!Amazon".

Enter new password:

 

You are getting above text because you are using pam_passwdqc.so which dumps above info message, Try changing it to pam_cracklib.so.

How about changing password using something like this.

# echo password |passwd --stdin username