Why user is able to set password with less than 8 characters when 'minlen = 8' is set in password policy with pam_cracklib?
Issue
- While applying the password policy on server, it seems
minlen
parameter is not obeyed. - Users can set password less than what is defined by
minlen
from modulepam_cracklib.so
password requisite pam_cracklib.so try_first_pass retry=3 type= minlen=8
Environment
- Red Hat Enterprise Linux 4
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.