Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Setting password complexity

    General pfSense Questions
    2
    2
    2600
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pingulino last edited by

      On our firewall pfSense 2.01 we need to set password complexity & auto-expiration (this is a requirement for PCI-DSS certification).
      There is nothing in the webgui, so I was thinking of using PAM.
      However, when I set password complexity rules in /etc/pam.d/passwd, this has no effect when using the webgui!
      It works fine when I try to change the password logged in via ssh so the rule in itself is ok. The line in /etc/pam.d/passwd:

      password        requisite   pam_passwdqc.so          min=disabled,disabled,disabled,8,7

      Is there any other way to go?

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        You can't hack in PAM like that. Using LDAP for authentication is how nearly all our PCI-certified customers do things. Some use local accounts on the firewall instead. The local admin account will still have to exist, but you just need a policy to manage it accordingly. Basically no firewall (or router, or switch) has forced password complexity requirements nor forced password changes, it's adequate to manually manage those things via your general security practices and policies.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy