Password quality (policy) is not enforced when adding users
Issue
Password quality (policy) is not enforced when adding users.
-
pam_pwqualityis enabled in PAM stack to enforce password quality:password requisite pam_pwquality.so local_users_only -
enforce_for_rootis enabled to enforce pwquality checks on the root initiated user password change. -
Password quality is checked when running
passwdto set a user's password. Dictionary word is denied.[root@server ~]# passwd user1 Changing password for user user1. New password: <<<<<===== "redhat123" BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word passwd: Authentication token manipulation error -
However, password policy is not enforced when adding user with
useradd, or changing password withusermod. The same password is accepted:[root@server ~]# usermod -p `openssl passwd -6` user1 Password: <<<<<===== "redhat123" Verifying - Password: <<<<<===== "redhat123" [root@server ~]# useradd -p `openssl passwd -6` user2 Password: <<<<<===== "redhat123" Verifying - Password: <<<<<===== "redhat123"
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.