Why user is able to set password with less than 8 characters when 'minlen = 8' is set in password policy with pam_cracklib?

Solution Unverified - Updated -

Issue

  • While applying the password policy on server, it seems minlen parameter is not obeyed.
  • Users can set password less than what is defined by minlen from module pam_cracklib.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type= minlen=8

Environment

  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content