- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- How to configure password complexity for all users including root using passwdqc
- Is it possible to configure/apply password complexity for all users including root using pam_cracklib module?
- Which module should I use to configure password complexity for
- Configure password complexity for root and other users using pam_passwdqc
- PAM pam_cracklib.so restrictions in password definition are not being forced (getting applied) to
- Use PAM module pam_passwdqc.so to meet specific password strength criteria
- Enforce password policies for root user using
By default, Red Hat Enterprise Linux uses the
cracklibmodule to check password strength. However, the
cracklibmodule doesn't enforce password strength checking on the "root". To enforce password checking for all accounts including the root user, another PAM module called
passwdqccan be used instead of
pam_passwdqc.sois provided by
pam_passwdqcpackage in Red Hat Enterprise Linux:
# rpm -qf /lib64/security/pam_passwdqc.so pam_passwdqc-1.0.5-6.el6.x86_64
- Modify the
/etc/pam.d/system-authfile as follows:
Change the following line from:
password requisite pam_cracklib.so try_first_pass retry=3
password requisite pam_passwdqc.so min=disabled,12,8,6,5 max=40 passphrase=3 match=4 similar=deny random=42 enforce=everyone retry=3
passwdqcmodule uses different password checking options to the
cracklibmodule. For detailed information on how to modify the behaviour of the
passwdqcmodule, please refer to the man page of
# man pam_passwdqc
Note that the
cracklibmodules perform similar functions, and should not be used in the same PAM configuration file. It also cannot enforce password strength checking during the installation process of Red Hat Enterprise Linux.
If configuring on a Red Hat Enterprise Linux 6 or above,
/etc/pam.d/password-authfile need to be modified as well.
- Red Hat Enterprise Linux
- Learn more
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.