How to enforce password complexity in Redhat?

24,753

Solution 1

minlen=8 ucredit=1 dcredit=1 ocredit=0 lcredit=0

I'm guessing that you want your passwords to be at least 8 characters, contain at least 1 uppercase character and 1 digit. If so, that is NOT what you have configured.

For that you should use: minlen=8 ucredit=-1 dcredit=-1.

Explanation: the minlen algorithm uses "credits" to determine the length value. Suppose you had a 6 character password. minlength would be no less than 6. Then, without using any of the credit values, you would get 1 "credit" for using lowercase characters, 1 credit for using uppercase characters and so on. Thus, a password of Hello! is 6 characters, +1 for using uppercase, +1 for using lower case, +1 for using special characters for a total minlen value of 9.

Specifying ucredit=1 dcredit=1 ocredit=0 lcredit=0, with the same password gives a length of 6, +1 for using uppercase, 0 for using lowercase and 0 for using special characters, for a length of 7. It does not FORCE you to use uppercase characters.

If you use a negative number for the credits, that requires you to have at least that many, and does NOT use credits.

So minlength=8 ucredit=-1 dcredit=-1 ocredit=0 lcredit=0 will then require the password to be at least 8 characters long, contain at least 1 uppercase character and 1 digit. Thus a password of helloboy is 8 characters, but will fail. Hellob0y will pass. He$$ob0y will also pass.
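The credit arithmetic this answer walks through, as an added example written for this page (it is not the answer's code and not pam_cracklib's own source): a positive credit lets a character class add at most that many points to the password's length, a zero credit adds nothing, and a negative credit adds nothing but requires at least that many characters of the class. The option defaults assumed here (minlen=9, every credit 1) and the floor of 6 on minlen are taken from the module's documentation and from the answer's own "no less than 6"; the option-string parser accepts exactly the `key=value` tokens used in the answer.

```python
import re
from dataclasses import dataclass

# Added example: a model of the pam_cracklib "credit" rule as described in the
# answer above. Defaults (minlen=9, all credits 1) are assumed from the module's
# documentation; this is illustrative code, not the module's implementation.


@dataclass(frozen=True)
class CracklibOpts:
    minlen: int = 9
    dcredit: int = 1   # digits
    ucredit: int = 1   # uppercase letters
    lcredit: int = 1   # lowercase letters
    ocredit: int = 1   # everything else (punctuation, symbols)


def parse_options(line: str) -> CracklibOpts:
    """Parse an option string such as 'minlen=8 ucredit=-1 dcredit=-1'.

    Options not mentioned keep their defaults; other tokens are ignored.
    """
    values = {}
    for token in line.split():
        m = re.fullmatch(r"(minlen|dcredit|ucredit|lcredit|ocredit)=(-?\d+)", token)
        if m:
            values[m.group(1)] = int(m.group(2))
    return CracklibOpts(**values)


def count_classes(password: str) -> dict:
    """Count characters per class, the way the answer groups them."""
    counts = {"digit": 0, "uppercase": 0, "lowercase": 0, "other": 0}
    for ch in password:
        if ch.isdigit():
            counts["digit"] += 1
        elif ch.isupper():
            counts["uppercase"] += 1
        elif ch.islower():
            counts["lowercase"] += 1
        else:
            counts["other"] += 1
    return counts


def evaluate(password: str, opts: CracklibOpts) -> tuple:
    """Return (accepted, effective_length, reasons).

    effective_length is the password length plus the credits it earned,
    which is the "total minlen value" the answer compares against minlen.
    """
    counts = count_classes(password)
    credits = 0
    reasons = []
    for name, credit in (("digit", opts.dcredit), ("uppercase", opts.ucredit),
                         ("lowercase", opts.lcredit), ("other", opts.ocredit)):
        n = counts[name]
        if credit >= 0:
            # Positive credit: each class may add at most `credit` points.
            credits += min(n, credit)
        elif n < -credit:
            # Negative credit: a hard minimum for this class, no points added.
            reasons.append(f"needs at least {-credit} {name} character(s), has {n}")
    minlen = max(opts.minlen, 6)   # the module never requires fewer than 6
    effective = len(password) + credits
    if effective < minlen:
        reasons.append(f"effective length {effective} is below minlen {minlen}")
    return (not reasons, effective, reasons)


if __name__ == "__main__":
    cases = {
        "defaults": CracklibOpts(),
        "as configured in the question": parse_options("minlen=8 ucredit=1 dcredit=1 ocredit=0 lcredit=0"),
        "as the answer recommends": parse_options("minlen=8 ucredit=-1 dcredit=-1 ocredit=0 lcredit=0"),
    }
    for label, opts in cases.items():
        print(f"--- {label}: {opts}")
        for pw in ("Hello!", "helloboy", "Hellob0y", "He$$ob0y"):
            ok, eff, why = evaluate(pw, opts)
            print(f"{pw:10} effective={eff:2} {'PASS' if ok else 'FAIL'} {'; '.join(why)}")
```

Running it shows the point of the answer: under the question's settings, helloboy passes because nothing forces an uppercase letter or a digit, while under the recommended negative credits it fails and Hellob0y and He$$ob0y pass.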

Solution 2

When you log in via ssh, the /etc/pam.d/sshd policy file is used. This file includes /etc/pam.d/system-auth, and you have to consider the contents of both files.

If you log in via /bin/login, then the file /etc/pam.d/login is used, so any changes to it will only affect /bin/login.

So you might need to make changes in both files, i.e., /etc/pam.d/system-auth and /etc/pam.d/login. Or change the one through which you want to force the password complexity.


Author: Manas

Updated on September 18, 2022

Comments

  • Manas
    Manas over 1 year

    I googled and found a few links about it like these: Forcing Password Complexity in Red Hat
    How to enforce password complexity on Linux

    It says that we need to make changes in /etc/pam.d/system-auth file. I have set parameters for forcing password complexity and then tried to create a new user, but the rules set by me (like minimum number of characters and minimum number of uppercase letters and minimum number of numbers required) didn't prohibit me from creating the password which didn't follow these rules.

    Please help me and let me know how to achieve this.

    • Kenny Rasschaert
      Kenny Rasschaert about 11 years
      Did you try setting the password as the new user or as root? Password restrictions do not apply to the root user.
    • Manas
      Manas about 11 years
      Yes, I was setting the password of a new user and not of a root user. First I logged in as a root user and then applied the restrictions on a new user and disabled his current password. Next when I tried to log in as this new user it notified me that I should change my password. So I was asked to enter my current password and I did. Then I was asked to enter my new password twice. This password that I entered was only 7 digits but I had set the condition for this password to have minimum of 8 digits but still I was able to create this new password. Please help.
    • Andrew B
      Andrew B about 11 years
      You'll need to show us the changes you made to your PAM configuration. PAM is a complicated topic and something that even experienced system admins get wrong sometimes.
    • Andrew B
      Andrew B about 11 years
      Please edit it into the original question. You should probably show us the entire file as well, so that we can see how it interacts with the existing entries in your PAM stack. Thanks!
    • Peter
      Peter almost 8 years
      I think that link is not very clear, and it's not surprising that you may have been misled. computerworld.com/article/2726217/endpoint-protection/… is better IMHO.
  • Andrew B
    Andrew B about 11 years
    Included files are stacked with the contents of the file. You have to treat the contents of the included file as being inline based on the position of the include. I've retracted my downvote and submitted an edit to your first paragraph.