Password Policy

Support for security such as Firewalls and securing linux
atif1980
Posts: 3
Joined: 2010/01/07 12:54:21

Password Policy

Postby atif1980 » 2010/01/07 13:00:40

Hi All,

I want to implement a password policy. Our organization's password policy is given below:

a. Minimum password length is 8 characters
b. Passwords must contain at least three of the following four:
   o Lowercase alpha (a, b, c, etc)
   o Uppercase alpha (A, B, C, etc)
   o Number (0, 1, 2, 3, etc)
   o Special character (!, @, #, $, etc)
c. For user accounts, passwords must expire every 90 days, but for servers and network nodes passwords must expire in 30 days.
d. For user accounts, old passwords cannot be re-used during the last six (06) password cycles, but for server and network nodes passwords cannot be reused.
e. Accounts must be locked after 6 failed login attempts and will only be reactivated by contacting the help desk.

Kindly guide me on how I can do this. Kindly note that my CentOS machine is standalone and is used for TACACS+.

Regards,
Atif.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Password Policy

Postby pschaff » 2010/01/07 15:30:52

Welcome to the CentOS fora.

A few of those can be set in /etc/default/useradd and /etc/login.defs but for that complex set of rules the real solution would seem to be one implemented through authentication via a corporate/organizational server.
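
An added example (not part of the original post, and not code from the linked guide): a shell audit for item c of the policy. The `PASS_MAX_DAYS` value in /etc/login.defs is only applied when an account is created, so existing accounts must be checked in /etc/shadow as well. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Audit password ageing (item c of the policy) on a standalone host.
# login.defs only seeds NEW accounts; existing ones keep the values stored
# in /etc/shadow, so both places have to be checked.

# Print the value of KEY from a login.defs-format file (last setting wins).
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Print accounts in a shadow-format file that have a usable password but
# whose maximum age (field 5) is empty or greater than MAX days.
shadow_violations() {
    awk -F: -v max="$2" '
        $2 ~ /^[!*]/ { next }                    # locked / no password login
        $5 == "" || $5 + 0 > max + 0 { print $1 }
    ' "$1"
}

# audit LOGIN_DEFS SHADOW MAX_DAYS: print findings, return 1 if any.
audit() {
    rc=0
    cur=$(login_defs_value "$1" PASS_MAX_DAYS)
    if [ -z "$cur" ] || [ "$cur" -gt "$3" ]; then
        echo "login.defs: PASS_MAX_DAYS=${cur:-unset}, policy allows at most $3"
        rc=1
    fi
    for u in $(shadow_violations "$2" "$3"); do
        echo "shadow: $u exceeds $3 days (fix with: chage -M $3 $u)"
        rc=1
    done
    return $rc
}

# Constructed sample data (not from the thread); hashes are placeholders.
make_sample() {
    printf '%s\n' '# comment' 'PASS_MAX_DAYS 99999' 'PASS_WARN_AGE 7' > "$1/login.defs"
    printf '%s\n' \
        'root:$1$placeholder:14600:0:30:7:::' \
        'alice:$1$placeholder:14600:0:90:7:::' \
        'bob:$1$placeholder:14600:0:99999:7:::' \
        'daemon:*:14600:0:99999:7:::' > "$1/shadow"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit "$tmp/login.defs" "$tmp/shadow" 90 || echo "policy violations found"
```

On a real host, run `audit /etc/login.defs /etc/shadow 90` as root, or with 30 as the limit on the servers covered by the stricter rule.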

atif1980
Posts: 3
Joined: 2010/01/07 12:54:21

Re: Password Policy

Postby atif1980 » 2010/01/08 05:41:11

Hi Phil,

Thanks for the reply. I am able to apply all the restrictions with the help of the following link:

http://www.puschitz.com/SecuringLinux.s ... rPasswords


Regards,

Atif.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Password Policy

Postby pschaff » 2010/01/08 16:55:01

Thanks for posting your solution.

atif1980
Posts: 3
Joined: 2010/01/07 12:54:21

Re: Password Policy

Postby atif1980 » 2010/01/09 18:19:42

Hi Phil,


I am getting another issue. As I told you earlier, I am using this standalone server as TACACS+ AAA for Juniper and Cisco routers/switches. The issue I am facing is that I am not able to get the login expiry warning on the routers/switches; on the other hand, when logging in directly on the server I am able to get the warning. Kindly guide me...


Regards,
Atif.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Password Policy

Postby pschaff » 2010/01/11 13:19:53

Not my area of expertise. I suggest opening a new topic with the question.

Haxi052
Posts: 1
Joined: 2010/02/22 06:34:12

Re: Password Policy

Postby Haxi052 » 2010/02/22 06:43:54

Hi,
Useful info. Hope to see more good posts in the future.