How to change/disable password complexity test when changing password?
Solution 1
Ok, I will answer my question :)
I've found that pam_unix
module performs password complexity check and it can be configured.
man pam_unix
:
minlen=n
Set a minimum password length of n characters. The default value is
6. The maximum for DES crypt-based passwords is 8 characters.
obscure
Enable some extra checks on password strength. These checks are
based on the "obscure" checks in the original shadow package. The
behavior is similar to the pam_cracklib module, but for
non-dictionary-based checks.
Solution:
Alter the line in the pam_unix
module in the /etc/pam.d/common-password
file to:
password [success=1 default=ignore] pam_unix.so minlen=1 sha512
It allows you to set any password with minimal length of 1.
Solution 2
If it is a once off, using the passwd command as root you can set a simple password for a user by simply entering the desired value, and then enter the password two times at the prompts.
john@workpad:~$ sudo bash
[sudo] password for john:
root@workpad:/home/john# passwd john
New password:
Retype new password:
passwd: password updated successfully
root@workpad:/home/john# exit
exit
john@workpad:~$
Solution 3
Open the common-password
config file for editing:
sudo -H gedit /etc/pam.d/common-password
Comment this line by adding the #
character to the front as shown:
#password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
Also comment this line, otherwise password setting will ask you to pass a mix of upper/lower case letters:
#password requisite pam_passwdqc.so enforce=everyone max=18 min=disabled,8,8,1,1 retry=2 similar=deny
Now just add this line into the same file:
password [success=1 default=ignore] pam_unix.so minlen=1 sha512
this should do it...
Solution 4
For me on Ubuntu 21.04 in /etc/pam.d/common-password
file:
- Comment this line, because pwquality is an analogue of pam_cracklib for password restrictions
password requisite pam_pwquality.so retry=3
Change next line from
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
to
password [success=2 default=ignore] pam_unix.so minlen=1 sha512
Related videos on Youtube
wobmene
Updated on September 18, 2022Comments
-
wobmene almost 2 years
I know that it is a "bad" idea, I know that it is not secure, I know. I searched the net for an answer and all I saw was whining that it's not good. But I like using Linux because it lets me make the system I want and like to use. The end of intro.
I try to change password:
user:~% passwd Changing password for user. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: You must choose a longer password
If I try
sudo passwd user
then I can set any password I want so I don't need password complexity checks for passwd on my system.After googling I've found that there should be PAM module pam_cracklib that tests password for complexity and it can be configured. But my PAM password settings doesn't include pam_cracklib:
% cat /etc/pam.d/passwd | grep '^[^#]' @include common-password % cat /etc/pam.d/common-password | grep '^[^#]' password [success=1 default=ignore] pam_unix.so obscure sha512 password requisite pam_deny.so password required pam_permit.so password optional pam_gnome_keyring.so
I guess that pam_unix makes this test... Oops... Guys, the moment I finished to write this sentence I've got an enlightenment and typed
man pam_unix
in terminal where I've found needed options for pam_unix module.I just removed option obscure and added minlen=1 and now I'm happy. So now I have this line in
/etc/pam.d/common-password
:password [success=1 default=ignore] pam_unix.so minlen=1 sha512
and I can set any password.
I decided to keep this post for people who might need this solution also.
-
Admin over 12 yearsI can't answer my own question for 8 hours after asking, will wait :)
-
Admin over 10 yearsI simply wanted to change my pwd to 123. Couldn't do that with passwd. Tried "sudo passwd <user_name>" and it worked like charm. Didn't need rest of the mumbo-jumbo. Thanks for that part! : )
-
Admin over 10 years@zeFree, the key point of my solution is allowing any user (not having sudo permissions) to use simple passwords
-
Admin over 7 yearsGreat Intro. I have a windows laptop that spends 50% cpu cycles protecting me from viruses. Guess what? Do not need any viruses. The computer is already worthless. So .. linux lets us do what we want. I'm behind a firewall and the computer does not leave my home. Short password? Yes please.
-
Admin almost 5 years@rslnx I think when you're posting your question it gives you the option to provide an answer immediately; I think the 8 hour delay is only there if you don't post your Q/A pair at the same time
-
Admin almost 5 yearsAlso the 11.10 tag doesn't seem necessary, this is still relevant in 18.04; since this is a pretty low level thing it probably won't be changing anytime soon.
-
Admin about 3 yearsWestCoastProjects used to be correct, Linux used to let us do what we want, which is exactly the problem here. It can feel free to give a warning about using a password that it considers weak and isn't up to its standards, but it shouldn't block us from using one, especially, since Linux users usually know what they're doing. 🤦
-
-
Tomofumi almost 10 yearsFYI, there is no pam_passwdqc.so line in my default install of 14.04 server. Maybe someone (admin?) added it on purpose? ;)
-
user almost 5 yearsHe means doing
sudo su && passwd username
then Linux will allow you to use any password you would like. -
Kevin Bowen almost 5 yearsRelated details on password complexity: askubuntu.com/questions/244115/…
-
Synetech about 3 yearsExcept that it's not a one-off. Two years before this answer was posted, the OP had already clarified that he wanted to turn off complexity-checking entirely rather than having to enter a complex password and then use
passwd
to change it. I swear, it's like nobody actually bothers to read anymore. ¬_¬ -
garlix about 2 yearsBonus hint: remove the
obscure
option if present.