4. Setting password complexity

Setting password complexity

  • P

    On our firewall pfSense 2.01 we need to set password complexity & auto-expiration (this is a requirement for PCI-DSS certification).
    There is nothing in the webgui, so I was thinking of using PAM.
    However, when I set password complexity rules in /etc/pam.d/passwd, this has no effect when using the webgui!
    It works fine when I try to change the password logged in via ssh so the rule in itself is ok. The line in /etc/pam.d/passwd:

    password        requisite   pam_passwdqc.so          min=disabled,disabled,disabled,8,7

    Is there any other way to go?

    0
  • C

    You can't hack in PAM like that. Using LDAP for authentication is how nearly all our PCI-certified customers do things. Some use local accounts on the firewall instead. The local admin account will still have to exist, but you just need a policy to manage it accordingly. Basically no firewall (or router, or switch) has forced password complexity requirements nor forced password changes, it's adequate to manually manage those things via your general security practices and policies.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy