Password quality (policy) is not enforced when adding users


Issue

Password quality (policy) is not enforced when adding users.

  • pam_pwquality is enabled in the PAM stack to enforce password quality:

    password    requisite                                    pam_pwquality.so local_users_only
    
  • enforce_for_root is enabled so that pwquality checks are also enforced on password changes initiated by root.

  • Password quality is checked when running passwd to set a user's password. A password based on a dictionary word is rejected:

    [root@server ~]# passwd user1
    Changing password for user user1.
    New password:               <<<<<===== "redhat123"
    BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
    passwd: Authentication token manipulation error
    
  • However, the password policy is not enforced when adding a user with useradd, or changing a password with usermod. The same password is accepted:

    [root@server ~]# usermod -p `openssl passwd -6` user1
    Password:                   <<<<<===== "redhat123"
    Verifying - Password:       <<<<<===== "redhat123"
    
    [root@server ~]# useradd -p `openssl passwd -6` user2
    Password:                   <<<<<===== "redhat123"
    Verifying - Password:       <<<<<===== "redhat123"
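
useradd -p and usermod -p take a password that is already hashed, so the plaintext has to be checked before it is hashed. A wrapper that does this with pwscore from libpwquality, as an added example that is not part of the original article; the function names are hypothetical, and it assumes pwscore and an openssl that supports -6 are installed:

```shell
#!/bin/sh
# Added example (not from the original article).
# Runs the plaintext through pwscore (libpwquality) before hashing it for
# usermod -p, which takes a ready-made hash and cannot check the plaintext.

# check_password USER: reads one plaintext line on stdin.
# pwscore applies the system pwquality settings and exits non-zero when the
# password fails; its numeric score on stdout is discarded here.
check_password() {
    pwscore "$1" >/dev/null
}

# set_checked_password USER (hypothetical helper name):
# reads the plaintext on stdin so it never appears in argv, stops if the
# quality check fails, otherwise hashes it and applies the hash.
# Note: the resulting hash is still passed to usermod on its command line.
set_checked_password() {
    user=$1
    IFS= read -r plaintext || [ -n "$plaintext" ] || {
        echo "no password supplied on stdin" >&2
        return 2
    }
    if ! printf '%s\n' "$plaintext" | check_password "$user"; then
        echo "password for $user rejected by pwquality; not applied" >&2
        unset plaintext
        return 1
    fi
    hash=$(printf '%s\n' "$plaintext" | openssl passwd -6 -stdin) || return 3
    unset plaintext
    usermod -p "$hash" "$user"
}
```

Feed the password on standard input, for example from a prompt that does not echo, and run `set_checked_password user1` as root.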
    

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
