From SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
Part of GEN000680
Associated with: CCI-000366
To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks.
Check the system password maxrepeat setting. Procedure: Check the password maxrepeat option # grep pam_cracklib.so /etc/pam.d/common-password Confirm the maxrepeat option is set to 3 or less as in the example below: password required pam_cracklib.so maxrepeat=3 There may be other options on the line. If no such line is found, or the maxrepeat option is more than 3 this is a finding. A setting of zero disables this option. NOTE: This option was not available in SLES 11 until service pack 2(SP2).
Edit /etc/pam.d/common-password and set the maxrepeat option to a value of 3 or less on the pam_cracklib line.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer