Configure authentication rules with PAM
You can use a pluggable authentication module (PAM) to set authentication rules. To configure PAM settings, specify control values in Hiera.
For example, assume that you want to enforce a minimum length of 30 characters for
passwords. Because you are implementing the CIS Oracle Linux 8 Benchmark 2.0.0, you go to the Reference and look for the
relevant control in that benchmark. The control is 5.5.1, “Ensure password creation
requirements are configured,” which specifies a default minimum password length of
14. On the minlen
parameter, you replace the default
value of 14 with a new value of 30, as shown in the
example:
Copy
sce_linux::config:
control_configs:
"Ensure password creation requirements are configured":
manage_pwquality: true
manage_pam_auth: true
minlen: 30
minclass: 4
faillock_args: ["preauth", "silent", "audit", "deny=5", "unlock_time=900"]
pwhistory_args: ["use_authtok", "remember=5", "retry=3"]