pam_cracklib does not enforce uppercase when specified
This document (7007427) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 10 Service Pack 3
Situation
Version of cracklib is 2.8.6-14.10
/et/cpam.d/common-password has the following entry:
password required pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=0 lcredit=-1 minlen=8
password required pam_unix.so nullok user_authtok
A digital, uppercase and lowercase are required with a minimum password length of 8.
When a user sets their password they can set a password in all lower case even though ucredit=-1.
/et/cpam.d/common-password has the following entry:
password required pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=0 lcredit=-1 minlen=8
password required pam_unix.so nullok user_authtok
A digital, uppercase and lowercase are required with a minimum password length of 8.
When a user sets their password they can set a password in all lower case even though ucredit=-1.
Resolution
The pam_cracklib.c in sp4 resolves this issue.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7007427
- Creation Date: 27-Dec-2010
- Modified Date:19-Mar-2021
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
