39 lines
1.8 KiB
Plaintext
Executable File
39 lines
1.8 KiB
Plaintext
Executable File
#
|
|
# /etc/pam.d/common-password - password-related modules common to all services
|
|
#
|
|
# This file is included from other service-specific PAM config files,
|
|
# and should contain a list of modules that define the services to be
|
|
# used to change user passwords. The default is pam_unix.
|
|
|
|
# Explanation of pam_unix options:
|
|
#
|
|
# The "sha512" option enables salted SHA512 passwords. Without this option,
|
|
# the default is Unix crypt. Prior releases used the option "md5".
|
|
#
|
|
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
|
|
# login.defs.
|
|
#
|
|
# See the pam_unix manpage for other options.
|
|
|
|
# here are the per-package modules (the "Primary" block)
|
|
|
|
################## Titanium Cloud Password Rules #######################
|
|
## Enforce a password containing atleast 1 lower case, 1 upper case, #
|
|
## 1 digit and 1 special character. Such a password will have a #
|
|
## minimum length of 7 characters. A user may not re-use the last most #
|
|
## recent password and every password must differ from its previous #
|
|
## one by atleast 3 characters #
|
|
## - Added enforce_for_root for pam_pwquality.so #
|
|
########################################################################
|
|
|
|
password required pam_pwquality.so try_first_pass retry=3 authtok_type= difok=3 minlen=7 lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root debug
|
|
password required pam_pwhistory.so use_authtok enforce_for_root remember=2 retry=3 debug
|
|
|
|
password sufficient pam_unix.so sha512 use_authtok debug
|
|
password [success=done authtok_err=die perm_denied=die default=ignore] pam_ldap.so use_authtok debug
|
|
|
|
|
|
|
|
# If we got this far then its clearly a DENY
|
|
password requisite pam_deny.so
|