Quantcast
Channel: VMware Communities : All Content - All Communities
Viewing all articles
Browse latest Browse all 179681

Issues with DISA STIG guidance and /etc/pam.d/passwd

$
0
0

In running through the excercise of hardening a vSphere 5.1 environment, I am having difficulty with implementing a particular security control.  When I implement the "remember=5" switch as described below, I cannot change the root password no matter what I attempt to input as the password.


The control essentially states the /etc/pam.d/passwd file must have the "remember" switch set to no less than 5.  Essentially to ensure a password has not been reused within the last 5 password resets.


Control:  GEN000800-ESXI5-000053


Test step:  # grep "^password" /etc/pam.d/passwd | grep sufficient | grep "remember="

 

My input to the passwd file:  password requisite /lib/security/$ISA/pam_passwdqc.so remember=5 similar=deny retry=3 min=disabled,disabled,disabled,disabled,14

 

I am curious if anyone else has this implemented successfully?  Is there something I am missing here?  Any thoughts or suggestions are appreciated...

 

Greg C.


Viewing all articles
Browse latest Browse all 179681

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>