Information
Password complexity can be set through:
- minclass - The minimum number of classes of characters required in a new password. (digits, uppercase, lowercase, others). e.g. minclass = 4 requires digits, uppercase, lower case, and special characters.
- dcredit - The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password. e.g. dcredit = -1 requires at least one digit
- ucredit - The maximum credit for having uppercase characters in the new password. If less than 0 it is the minimum number of uppercase characters in the new password. e.g. ucredit = -1 requires at least one uppercase character
- ocredit - The maximum credit for having other characters in the new password. If less than 0 it is the minimum number of other characters in the new password. e.g. ocredit = -1 requires at least one special character
- lcredit - The maximum credit for having lowercase characters in the new password. If less than 0 it is the minimum number of lowercase characters in the new password. e.g. lcredit = -1 requires at least one lowercase character
Strong passwords protect systems from being hacked through brute force methods.
Solution
Create or modify a file ending inconf in the /etc/security/pwquality.conf.d/ directory or the file /etc/security/pwquality.conf and add or modify the following line to set:
- minclass = 4
--AND/OR--
- dcredit = -_N_
- ucredit = -_N_
- ocredit = -_N_
- lcredit = -_N_
Example:
# sed -ri 's/^s*minclasss*=/# &/' /etc/security/pwquality.conf
# printf '
%s' "minclass = 4" >> /etc/security/pwquality.conf.d/50-pwcomplexity.conf
--AND/OR--
# sed -ri 's/^s*[dulo]credits*=/# &/' /etc/security/pwquality.conf
# printf '%s
' "dcredit = -1" "ucredit = -1" "ocredit = -1" "lcredit = -1" > /etc/security/pwquality.conf.d/50-pwcomplexity.conf
- OR/IF - the pam-config tool has been used to configure the global PAM configuration files.Run the following command to add minclass = 4 :
# pam-config -a --cracklib-minclass=4
--AND/OR--
Run the following commands to add password complexity that conforms to local site policy:
# pam-config -a --cracklib-dcredit=<value>
# pam-config -a --cracklib-ucredit=<value>
# pam-config -a --cracklib-lcredit=<value>
# pam-config -a --cracklib-ocredit=<value>