How to force root to comply with the pam_cracklib.so password policy on RedHat 6?
I configured pam_cracklib.so on RHEL 6.
But I found that the password policy only takes effect for non-root users.
The same problem is described here (http://superuser.com/questions/647654/how-do-i-disable-or-modify-pams-password-requirements).
I copied a piece of it here, as follows:
It does not change the requirement, but it bypasses it. When you run passwd as root, it will ignore the password policies.
So, I googled a lot, but no article talks about how to force root to comply with the password policy (please note, this issue is on RHEL; it seems Debian OS doesn't have this problem).
Could someone here help me out?
Thank you.
Responses
Effectively, there is no way to force root to comply with a password policy. I mean, yeah, you could theoretically force root to comply with password policies when using interactive password setting, but given that root can still bypass it by doing something like:
usermod -p $(python -c 'import crypt; print crypt.crypt("passwd", "$6$'$(mkpasswd)'$")') root
You're not really buying yourself anything by trying to get PAM to block interactive setting of weak passwords via the passwd command.
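Since the policy cannot stop root from writing a hash directly, the practical control is to detect it. The following Python 3 sketch is an added example, not part of the original thread: it scans auditd EXECVE records for `usermod` invoked with `-p`/`--password`. It assumes auditd is already recording EXECVE events for `usermod`; the sample records and the function names are constructed for illustration.

```python
import re
from os.path import basename

# Constructed auditd EXECVE records for illustration (not from a real host).
SAMPLE_LOG = """\
type=EXECVE msg=audit(1700000001.100:201): argc=2 a0="passwd" a1="root"
type=EXECVE msg=audit(1700000002.200:202): argc=4 a0="usermod" a1="-p" a2="$6$CONSTRUCTED$HASH" a3="root"
type=EXECVE msg=audit(1700000003.300:203): argc=4 a0="/usr/sbin/usermod" a1="-c" a2=4F70732041646D696E a3="bob"
type=EXECVE msg=audit(1700000004.400:204): argc=3 a0="usermod" a1="--pass=$6$CONSTRUCTED$HASH" a2="alice"
"""

ARG_RE = re.compile(r'\ba(\d+)=("[^"]*"|\S+)')
EVENT_RE = re.compile(r'msg=audit\(([\d.]+:\d+)\)')

def decode_arg(raw):
    # auditd quotes plain arguments and hex-encodes ones with spaces or control bytes.
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw

def parse_execve(line):
    # Returns (event_id, argv) for an EXECVE record, None for any other record type.
    if not line.startswith("type=EXECVE"):
        return None
    event = EVENT_RE.search(line)
    args = sorted((int(n), decode_arg(v)) for n, v in ARG_RE.findall(line))
    return (event.group(1) if event else "?", [v for _, v in args])

def sets_password_hash(argv):
    """True for usermod -p/--password, including getopt_long abbreviations like --pass."""
    if not argv or basename(argv[0]) != "usermod":
        return False
    for arg in argv[1:]:
        name = arg.split("=", 1)[0]
        if arg.startswith("-p") or (len(name) >= 4 and "--password".startswith(name)):
            return True
    return False

def find_direct_hash_sets(log_text):
    """Flag events; assumes LOGIN is the last argument. The hash is never copied out."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_execve(line)
        if parsed and sets_password_hash(parsed[1]):
            findings.append({"event": parsed[0], "login": parsed[1][-1]})
    return findings

if __name__ == "__main__":
    print(find_direct_hash_sets(SAMPLE_LOG))
```

The findings carry only the audit event id and the target login, so the report can be forwarded without exposing the hash that was set.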
