Password Policy

Support for security such as Firewalls and securing Linux
atif1980
Posts: 3
Joined: 2010/01/07 12:54:21

Password Policy

Post by atif1980 » 2010/01/07 13:00:40

Hi All,

I want to implement a password policy. Our organization's password policy is given below:

a. Minimum password length is 8 characters
b. Passwords must contain at least three of the following four:
   o Lowercase alpha (a, b, c, etc)
   o Uppercase alpha (A, B, C, etc)
   o Number (0, 1, 2, 3, etc)
   o Special character (!, @, #, $, etc)
c. For user accounts, passwords must expire after every 90 days, but for servers and network nodes passwords must expire in 30 days.
d. For user accounts old passwords cannot be re-used during the last six (06) password cycles but for server and network nodes password cannot be reused.
e. Accounts must be locked after 6 failed login attempts and will only be reactivated by contacting help desk

Kindly guide me on how I can do this. Kindly note that my CentOS machine is standalone and is used for TACACS+.

Regards,
Atif.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Password Policy

Post by pschaff » 2010/01/07 15:30:52

Welcome to the CentOS fora.

A few of those can be set in /etc/default/useradd and /etc/login.defs but for that complex set of rules the real solution would seem to be one implemented through authentication via a corporate/organizational server.

atif1980
Posts: 3
Joined: 2010/01/07 12:54:21

Re: Password Policy

Post by atif1980 » 2010/01/08 05:41:11

Hi Phil,

Thanks for the reply. I am able to apply all restrictions with the help of the following link:

http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords


Regards,

Atif.
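
Added example, not part of the thread or the linked guide: a Python audit of policy items a to e from the first post against /etc/login.defs and a PAM stack. The sample file contents are constructed, mapping the policy to pam_cracklib, pam_unix and pam_tally2 options is an assumption about how it is implemented, and the parser assumes plain control keywords (no bracketed `[...]` controls).

```python
import re
# Constructed sample inputs (not taken from the thread or any real host).
LOGIN_DEFS = """\
PASS_MAX_DAYS   90
PASS_WARN_AGE   7
"""
SYSTEM_AUTH = """\
auth        required      pam_tally2.so deny=6 onerr=fail
auth        sufficient    pam_unix.so nullok try_first_pass
password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 minclass=3
password    sufficient    pam_unix.so md5 shadow remember=6 use_authtok
"""

def login_defs_value(text, key):
    """Return the integer set for `key` in login.defs text, or None."""
    m = re.search(rf"^\s*{key}\s+(\d+)\s*$", text, re.M)
    return int(m.group(1)) if m else None

def pam_options(text, kind, module):
    """Return key=value options of the first `kind` line loading `module`."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == kind and fields[2].startswith(module):
            return dict(f.split("=", 1) for f in fields[3:] if "=" in f)
    return None

def audit(login_defs, system_auth, max_days=90):
    """Return a list of findings; empty means the policy items checked are met."""
    findings = []
    days = login_defs_value(login_defs, "PASS_MAX_DAYS")
    if days is None or days > max_days:
        findings.append(f"c: PASS_MAX_DAYS is {days}, want <= {max_days}")
    crack = pam_options(system_auth, "password", "pam_cracklib") or {}
    if int(crack.get("minlen", 0)) < 8:
        findings.append("a: pam_cracklib minlen below 8")
    # Positive (or default, 1) credits let a password shorter than minlen pass.
    loose = [c for c in ("lcredit", "ucredit", "dcredit", "ocredit")
             if int(crack.get(c, 1)) > 0]
    if loose:
        findings.append("a: credits weaken minlen: " + ",".join(loose))
    if int(crack.get("minclass", 0)) < 3:
        findings.append("b: pam_cracklib minclass below 3")
    unix = pam_options(system_auth, "password", "pam_unix") or {}
    if int(unix.get("remember", 0)) < 6:
        findings.append("d: pam_unix remember below 6")
    tally = pam_options(system_auth, "auth", "pam_tally") or {}
    if not 1 <= int(tally.get("deny", 0)) <= 6 or "unlock_time" in tally:
        findings.append("e: pam_tally needs deny<=6 and no unlock_time")
    return findings
```

On the constructed sample, the only finding is the credit defaults: `minlen=8` alone still accepts shorter passwords until the four credit options are set to 0 or below. Pass `max_days=30` to check the server and network node variant of item c.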

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Password Policy

Post by pschaff » 2010/01/08 16:55:01

Thanks for posting your solution.

atif1980
Posts: 3
Joined: 2010/01/07 12:54:21

Re: Password Policy

Post by atif1980 » 2010/01/09 18:19:42

Hi Phil,


I am getting another issue. As I told earlier, I am using this standalone server as TACACS+ AAA for Juniper and Cisco routers/switches. The issue I am facing is that I am not able to get the login expiry warning on the routers/switches; on the other hand, when logging in directly on the server I am able to get the warning. Kindly guide me...


Regards,
Atif.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Password Policy

Post by pschaff » 2010/01/11 13:19:53

Not my area of expertise. I suggest opening a new topic with the question.

Haxi052
Posts: 1
Joined: 2010/02/22 06:34:12

Re: Password Policy

Post by Haxi052 » 2010/02/22 06:43:54

Hi,
Useful info. Hope to see more good posts in the future.
