Difference between revisions of "Enforcing Password Complexity on CentOS/RedHat"
From Peter Pap's Technowiki
Latest revision as of 04:00, 27 May 2013
Edit the file /etc/pam.d/system-auth and change these two lines:
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
to:
password requisite pam_cracklib.so try_first_pass retry=3 minlen=9 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=10
This will mean:
minlen=9: the minimum password length
lcredit=-1: minimum of 1 lowercase character
ucredit=-1: minimum of 1 uppercase character
dcredit=-1: minimum of 1 decimal character (number)
ocredit=-1: minimum of 1 special character (punctuation etc.)
difok=3: enforces no less than 3 characters' difference between password changes
remember=10: remembers the last 10 password changes so they can't be repeated
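And yes, it's -1!! A negative credit value sets the minimum number of characters of that class that the password must contain.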
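To confirm that a host really carries the settings listed above, the following added example (not part of the original wiki page) parses the password lines of a PAM file and reports every option that is missing or weaker than the page's values. The names `parse_password_stack`, `audit` and `POLICY` and the embedded sample are this example's own; it assumes one rule per line (no backslash continuations or include lines).

```python
# Constructed sample: the two lines as they read after the edit above.
SAMPLE = """\
password requisite pam_cracklib.so try_first_pass retry=3 minlen=9 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=10
"""

# module -> {option: (lowest allowed, highest allowed)}; None = no bound.
# A credit of -1 or lower makes that character class mandatory.
POLICY = {
    "pam_cracklib.so": {"minlen": (9, None), "difok": (3, None),
                        "lcredit": (None, -1), "ucredit": (None, -1),
                        "dcredit": (None, -1), "ocredit": (None, -1)},
    "pam_unix.so": {"remember": (10, None)},
}

def parse_password_stack(text):
    """Return {module: {option: value}} for each 'password' line."""
    stack = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) < 3 or fields[0].lstrip("-") != "password":
            continue
        i = 1
        if fields[i].startswith("["):               # e.g. [success=1 default=ignore]
            while i < len(fields) and not fields[i].endswith("]"):
                i += 1
        rest = fields[i + 1:]                        # module path, then its options
        if rest:
            opts = stack.setdefault(rest[0].rsplit("/", 1)[-1], {})
            opts.update(a.partition("=")[::2] for a in rest[1:])
    return stack

def audit(text):
    """Return findings; an empty list means the page's policy is met."""
    stack, findings = parse_password_stack(text), []
    for module, options in POLICY.items():
        if module not in stack:
            findings.append(f"{module}: not in the password stack")
            continue
        for opt, (lo, hi) in options.items():
            try:
                val = int(stack[module].get(opt))
            except (TypeError, ValueError):
                findings.append(f"{module}: {opt} missing or not numeric")
                continue
            if (lo is not None and val < lo) or (hi is not None and val > hi):
                findings.append(f"{module}: {opt}={val} is weaker than required")
    return findings
```

On a real system, pass the contents of /etc/pam.d/system-auth to `audit()`; a positive credit such as `lcredit=1` is reported because it no longer makes a lowercase character mandatory.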