Red Hat Enterprise Linux 7 Security Technical Implementation Guide

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.

Use of passwords for application authentication is intended only for limited situations and should not be used as a replacement for two-factor CAC-enabled authentication.

Examples of situations where a user ID and password might be used include but are not limited to:

When the application user base does not have a CAC and is not a current DoD employee, member of the military, or a DoD contractor.

Verify the operating system prohibits password reuse for a minimum of five generations.

Check for the value of the "remember" argument in "/etc/pam.d/system-auth-ac" with the following command:

    # grep -i remember /etc/pam.d/system-auth-ac

If the line containing "pam_unix.so" does not have the "remember" module argument set, or the value of the "remember" module argument is set to less than "5", this is a finding.

Configure the operating system to prohibit password reuse for a minimum of five generations.

Add the following line in "/etc/pam.d/system-auth-ac" (or modify the line to have the required value):

    password sufficient pam_unix.so use_authtok sha512 shadow remember=5
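An added example, not part of the STIG text: the `grep -i remember` check above also matches commented-out lines, so this sketch evaluates only active `password` lines that load `pam_unix.so` and compares `remember` against the required minimum. The function name `check_remember` and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: stricter form of the "remember" check.
# Prints a verdict; returns 0 when compliant, 1 when it is a finding.
check_remember() {
    file=$1        # PAM file to audit (the guide names /etc/pam.d/system-auth-ac)
    min=${2:-5}    # required number of remembered password generations
    awk -v min="$min" '
        { sub(/#.*/, "") }    # drop comments, whole-line or trailing
        tolower($1) == "password" && /pam_unix\.so/ {
            seen = 1
            val = -1          # -1 means the argument is absent on this line
            for (i = 1; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    split($i, kv, "=")
                    val = kv[2] + 0
                }
            if (val < min) bad = 1
        }
        END {
            if (!seen) { print "FINDING: no active password line for pam_unix.so"; exit 1 }
            if (bad)   { print "FINDING: remember is missing or less than " min; exit 1 }
            print "OK: remember is at least " min
        }
    ' "$file"
}

# Constructed sample, not taken from a real host: the active line lacks
# "remember", and the only "remember=5" sits in a comment that grep matches.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#password sufficient pam_unix.so use_authtok sha512 shadow remember=5
password sufficient pam_unix.so use_authtok sha512 shadow
EOF
check_remember "$sample" || echo "grep -i remember would still print a line for this file"
rm -f "$sample"
```

On a real system, run it as `check_remember /etc/pam.d/system-auth-ac` and treat a non-zero exit status as the finding.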