How To
Summary
Netezza Performance Server for Cloud Pak for Data and Netezza Performance Server for Cloud Pak for Data System use the pam_cracklib utilities to enforce password rules for database user accounts. These rules help users avoid weak or easily guessed passwords. This document describes how to customize the built-in password dictionary.
Objective
The pam_cracklib dictionary is in the /usr/lib64 directory. You cannot change the dictpath configuration setting to point to a different dictionary file with the Netezza Performance Server implementation. However, you can customize the dictionary file (cracklib_dict.pwd) for your environment and policies.
Steps
1. Make a backup copy of /usr/share/cracklib/
2. Add custom words to the Linux dictionary or create a new one as /usr/share/dict/linux.words
3. Update the cracklib dictionary using the new dictionary file:
create-cracklib-dict /usr/share/dict/linux.words
authconfig --update
4. Test if the new dictionary works as expected
[root@suyos01b-npshost dict]# echo "mycustomword" | cracklib-check
mycustomword: it is based on a dictionary word
5. Reset Netezza password policy to apply changes
[nz@suyos01b-npshost ~]$ nzsql -c "SHOW SYSTEM DEFAULT PASSWORDPOLICY;"
NOTICE: 'password policy' = 'minlen=10 lcredit=0 ucredit=1 dcredit=1 ocredit=1'
SHOW VARIABLE
[nz@suyos01b-npshost ~]$ nzsql -c "SET SYSTEM DEFAULT PASSWORDPOLICY TO NONE;"
SET VARIABLE
[nz@suyos01b-npshost ~]$ nzsql -c "SET SYSTEM DEFAULT PASSWORDPOLICY TO '';"
SET VARIABLE
[nz@suyos01b-npshost ~]$ nzsql -c "SET SYSTEM DEFAULT PASSWORDPOLICY TO 'minlen=10 lcredit=0 ucredit=1 dcredit=1 ocredit=1';"
SET VARIABLE
6. If the file /etc/pam.d/netezza_nps_cracklib is owned by root, change the ownership to the 'nz' user
[root@suyos01b-npshost ~]$ chown nz:nz /etc/pam.d/netezza_nps_cracklib
7. Test password change:
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password 'RY&fgbwfg_wth3trh_wrt';
ALTER USER
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password 'vpmo!!!@54087yvopmjiqex_#248rco';
ALTER USER
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password '5uwQVWGjHOszlQMOxuY6lmFtK6WeASJhDg==_$';
ALTER USER
SYSTEM.ADMIN(ADMIN)=> alter user ABC with password 'mycustomword';
NOTICE: error from underlying PAM layer: BAD PASSWORD: it is based on a dictionary word
ERROR: ALTER USER: Password does not conform to password policy. ( minlen=10 lcredit=1 ucredit=1 dcredit=1 ocredit=1 )
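Step 4 checks a single word by hand. The following added example (not part of the IBM document) extends that check to a whole list of custom words and separates words that cracklib-check accepts from words it rejects for a reason other than the dictionary. The function names, the CRACKLIB_CHECK override variable and the word-list path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IBM's code. CRACKLIB_CHECK is a hypothetical override
# hook introduced here so the checker command can be swapped out.
: "${CRACKLIB_CHECK:=cracklib-check}"

# Read "<word>: <verdict>" lines (cracklib-check output) on stdin and print
# only the words that were NOT rejected as dictionary words:
#   MISSING <word>       verdict was "OK", so the dictionary does not cover it
#   INCONCLUSIVE <word>  rejected by some other rule, which says nothing
#                        about whether the word made it into the dictionary
classify_verdicts() {
    awk '{
        pos = 0                                  # offset of the last ": "
        while ((i = index(substr($0, pos + 1), ": ")) > 0) pos += i
        if (pos == 0) next                       # not a verdict line
        word = substr($0, 1, pos - 1)
        verdict = substr($0, pos + 2)
        if (verdict == "OK") print "MISSING " word
        else if (verdict !~ /dictionary word/) print "INCONCLUSIVE " word
    }'
}

# Check every non-blank line of the word list in $1. Prints the report and
# returns non-zero when at least one word is still accepted.
verify_custom_words() {
    report=$(grep -v '^[[:space:]]*$' "$1" | "$CRACKLIB_CHECK" | classify_verdicts)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    ! printf '%s\n' "$report" | grep -q '^MISSING '
}

# Usage on the NPS host after step 3, with your own list of added words:
#   verify_custom_words /path/to/custom-words.txt
```

A word reported as INCONCLUSIVE would be blocked anyway, but it does not confirm that the dictionary rebuild picked it up.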
Document Location
Worldwide
Document Information
Modified date:
15 November 2023
UID
ibm17076214