'enforce_for_root' option is not working as expected on Red Hat Enterprise Linux 7

Solution Verified - Updated -

Issue

  • Is there a way to enforce the password policy/complexity on root user in RHEL7?
  • enforce_for_root option isn't recognized/identified in RHEL7.
  • enforce_for_root option isn't working as expected in RHEL7; the following errors appear in /var/log/secure:
      Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): Reading pwquality configuration file failed: Unknown setting - mindiff
      Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): pam_parse: unknown or broken option; enforce-for-root
      Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): pam_parse: unknown or broken option; remember=12
      Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): Reading pwquality configuration file failed: Unknown setting - mindiff
      Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): pam_parse: unknown or broken option; enforce-for-root
  • Unable to perform su; the command fails with an error:
      $ su - user
      su: Permission denied
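
The pam_pwquality messages quoted above can be triaged mechanically. The Python below is an added example, not part of the Red Hat article: it groups the rejected items by whether the module blamed its PAM arguments (pam_parse) or the pwquality configuration file, and flags a rejected name that differs from an intended one only by '-' versus '_' or case. The INTENDED list and all function names are assumptions made for this illustration.

```python
import re

# Log lines copied from the Issue section of this page (/var/log/secure).
SAMPLE_LOG = """\
Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): Reading pwquality configuration file failed: Unknown setting - mindiff
Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): pam_parse: unknown or broken option; enforce-for-root
Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): pam_parse: unknown or broken option; remember=12
Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): Reading pwquality configuration file failed: Unknown setting - mindiff
Nov  9 00:37:05 rhel7 passwd: pam_pwquality(passwd:chauthtok): pam_parse: unknown or broken option; enforce-for-root
"""

# Spellings the administrator meant to use. Only the name from the page title
# is listed; extend it for your own policy (assumption, not from the article).
INTENDED = ["enforce_for_root"]

PREFIX = r"pam_pwquality\((?P<service>[^)]*)\): "
PATTERNS = [
    # Rejected argument on the pam_pwquality line of the PAM stack.
    ("module argument", re.compile(PREFIX + r"pam_parse: unknown or broken option; (?P<item>\S+)")),
    # Rejected key in the pwquality configuration file.
    ("config file", re.compile(PREFIX + r"Reading pwquality configuration file failed: Unknown setting - (?P<item>\S+)")),
]


def _canon(item):
    """Option name without value, case, '-' or '_', so near-misses compare equal."""
    return re.sub(r"[-_]", "", item.split("=", 1)[0]).lower()


def triage(log_text, intended=INTENDED):
    """Return one finding per distinct rejected item, in first-seen order."""
    findings = {}
    for line in log_text.splitlines():
        for source, rx in PATTERNS:
            m = rx.search(line)
            if m is None:
                continue
            item, service = m.group("item"), m.group("service")
            near = [n for n in intended
                    if _canon(n) == _canon(item) and n != item.split("=", 1)[0]]
            entry = findings.setdefault((source, service, item), {
                "source": source, "service": service, "item": item,
                "count": 0, "near_miss_of": near[0] if near else None})
            entry["count"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        hint = f" (near miss of {f['near_miss_of']})" if f["near_miss_of"] else ""
        print(f"{f['count']}x {f['source']:15} {f['service']}: {f['item']}{hint}")
```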

Environment

  • Red Hat Enterprise Linux 7
  • libpwquality
  • PAM
