Difference between revisions of "Enforcing Password Complexity on CentOS/RedHat"
From Peter Pap's Technowiki
(Created page with "Edit the file /etc/pam.d/system-auth and change these two lines: password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so...") |
(No difference)
|
Revision as of 04:00, 27 May 2013
Edit the file /etc/pam.d/system-auth and change these two lines:
password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
to:
password requisite pam_cracklib.so try_first_pass retry=3 minlen=9 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=10
This will mean:
minlen=9 the minimum password length lcredit=-1 minimum of 1 lowercase ucredit=-1 minimum 1 uppercase dcredit=-1 minimum 1 decimal character (number) ocredit=-1 minimum 1 special character (punctuation etc) difok=3 enforces no less than 3 character difference between password changes. remember=10 remembers the last 10 password changes so they can't be repeated.
