About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
How To
Summary
The Netezza Performance Server for Cloud Pak for Data and Netezza Performance Server for Cloud Pak for Data System system use pam_cracklib utilities to enforce database user account passwords, which provides a strong set of rules to help users avoid weaker or more easily guessed passwords. This document describes how to customize built-in password dictionary.
Objective
The
pam_cracklib dictionary is in the /usr/lib64 directory. You cannot change the dictpath configuration setting to point to a different dictionary file with the Netezza Performance Server implementation. However, you can customize the dictionary file (cracklib_dict.pwd) for your environment and policies.Steps
1. Make a backup copy of /usr/share/cracklib/
2. Add custom words to the Linux dictionary or create a new one as /usr/share/dict/linux.words
3. Update the cracklib dictionary using the new dictionary file:
create-cracklib-dict /usr/share/dict/linux.words
authconfig --update4. Test if the new dictionary works as expected
[root@suyos01b-npshost dict]# echo "mycustomword" | cracklib-check
mycustomword: it is based on a dictionary word5. Reset Netezza password policy to apply changes
[nz@suyos01b-npshost ~]$ nzsql -c "SHOW SYSTEM DEFAULT PASSWORDPOLICY;"
NOTICE: 'password policy' = 'minlen=10 lcredit=0 ucredit=1 dcredit=1 ocredit=1'
SHOW VARIABLE
[nz@suyos01b-npshost ~]$ nzsql -c "SET SYSTEM DEFAULT PASSWORDPOLICY TO NONE;"
SET VARIABLE
[nz@suyos01b-npshost ~]$ nzsql -c "SET SYSTEM DEFAULT PASSWORDPOLICY TO '';"
SET VARIABLE
[nz@suyos01b-npshost ~]$ nzsql -c "SET SYSTEM DEFAULT PASSWORDPOLICY TO 'minlen=10 lcredit=0 ucredit=1 dcredit=1 ocredit=1';"
SET VARIABLE6. If file /etc/pam.d/netezza_nps_cracklib is owned by root, change the ownership to 'nz' user
[root@suyos01b-npshost ~]$ chown nz:nz /etc/pam.d/netezza_nps_cracklib7. Test password change:
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password 'RY&fgbwfg_wth3trh_wrt';
ALTER USER
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password 'vpmo!!!@54087yvopmjiqex_#248rco';
ALTER USER
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password '5uwQVWGjHOszlQMOxuY6lmFtK6WeASJhDg==_$';
ALTER USER
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password 'mycustomword';
NOTICE: error from underlying PAM layer: BAD PASSWORD: it is based on a dictionary word
ERROR: ALTER USER: Password does not conform to password policy. ( minlen=10 lcredit=1 ucredit=1 dcredit=1 ocredit=1 )Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTNZ3","label":"IBM Netezza for Cloud Pak for Data"},"ARM Category":[{"code":"a8m3p000000GnvwAAC","label":"Cloud Pak for Data System-\u003EIPS"},{"code":"a8m0z000000cvScAAI","label":"Netezza Performance Server"},{"code":"a8m0z000000cvSwAAI","label":"Netezza Performance Server-\u003EReplication"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
More support for:
IBM Netezza for Cloud Pak for Data
Component:
Cloud Pak for Data System->IPS, Netezza Performance Server, Netezza Performance Server->Replication
Software version:
All Versions
Document number:
7076214
Modified date:
15 November 2023
UID
ibm17076214
Manage My Notification Subscriptions