Account Management & Authentication Policies

IAM
Security

This lab applied Identity and Access Management (IAM) principles to a live Ubuntu environment. The focus was on enforcing least privilege through proper user and group structures, and hardening authentication through password policy controls.

Video Breakdown Here

Project Scope

  • Created and managed local user and group structures to demonstrate least-privilege access control.
  • Implemented password quality enforcement at the operating-system level.
  • Tested weak-password scenarios to confirm the policy worked in practice, not just in configuration files.

Impact

  • Demonstrated how role-based account design reduces unnecessary administrative access.
  • Strengthened authentication controls by blocking weak and easily guessed passwords.
  • Showed a practical IAM baseline that can be expanded into broader Linux access governance.

Tools & Methods

  • Ubuntu Linux
  • Local users and groups
  • usermod
  • groupadd
  • PAM
  • libpam-pwquality

User & Group Management

Two users were created — alice and bob — to simulate a real-world access control scenario. Alice was assigned to the admins group, granting elevated permissions, while Bob remained a standard user with no group elevation. This directly demonstrates the principle of least privilege: users receive only the access necessary for their role.

sudo adduser alice
sudo adduser bob
sudo groupadd admins
sudo usermod -aG admins alice

Password Policy Enforcement

The libpam-pwquality module was installed to enforce strong password requirements at the OS level. Weak passwords were tested to confirm policy enforcement was active — attempts using 123, alice, and password were all rejected as expected, validating that the policy blocked short, common, and username-matching passwords.

sudo apt install libpam-pwquality

Key Takeaways

Proper IAM configuration is one of the most impactful security controls available. Misconfigured user accounts and weak password policies are among the most common entry points in real-world breaches. This lab demonstrates hands-on application of least privilege and authentication hardening in a Linux environment.

Date Mar 3, 2026
Client University at Albany / CYBR203
Role Security Engineer

Ma'Nye Wade

Cybersecurity portfolio featuring projects, writing, and practical security work across defensive operations and systems hardening.

Download Resume Get In Touch

Projects

Navigation