Enforcing Password Complexity on CentOS/RedHat
From Peter Pap's Technowiki
Revision as of 04:00, 27 May 2013 by Ppapa (talk | contribs) (Created page with "Edit the file /etc/pam.d/system-auth and change these two lines: password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so...")
Edit the file /etc/pam.d/system-auth and change these two lines:
password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
to:
password requisite pam_cracklib.so try_first_pass retry=3 minlen=9 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=10
This will mean:
minlen=9 the minimum password length lcredit=-1 minimum of 1 lowercase ucredit=-1 minimum 1 uppercase dcredit=-1 minimum 1 decimal character (number) ocredit=-1 minimum 1 special character (punctuation etc) difok=3 enforces no less than 3 character difference between password changes. remember=10 remembers the last 10 password changes so they can't be repeated.