LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-29-2010, 08:58 AM   #1
SirTristan
Member
 
Registered: Feb 2006
Distribution: GNU/Linux
Posts: 54

Rep: Reputation: 15
'passwd' command - "BAD PASSWORD: it does not contain enough DIFFERENT characters"?


I'm trying to change the password for an account using the passwd command in Linux. However I'm getting the error:

"BAD PASSWORD: it does not contain enough DIFFERENT characters"

Even though the passwords I'm trying seem pretty safe and complicated enough to me. I googled and think this is controlled by something called cracklib? Don't know for sure though.

How can I change the settings for this, perhaps lowering the amount of different characters required, or disabling whatever security setting is causing this error?
 
Old 10-29-2010, 10:49 AM   #2
mlangdn
Senior Member
 
Registered: Mar 2005
Location: Kentucky
Distribution: Slackware64-current
Posts: 1,432

Rep: Reputation: 196Reputation: 196
Using su or sudo, try it this way:

Code:
# passwd user
where user is the actual username you wish to change.

Doing it this way (with root privileges) will force the change.

Last edited by mlangdn; 10-29-2010 at 08:28 PM.
 
Old 10-29-2010, 11:29 AM   #3
HasC
Member
 
Registered: Oct 2009
Location: South America - Paraguay
Distribution: Debian 5 - Slackware 13.1 - Arch - Some others linuxes/*BSDs through KVM and Xen
Posts: 329

Rep: Reputation: 55
it isn't an error, it's a good and very desirable security feature.

anyways, if you want to disable it, look in your PAM files for a line that looks like this
Code:
password required pam_cracklib.so retry=3 minlen=11 difok=3 lcredit=0 ucredit=1
dcredit=1 ocredit=1
(from a CentOS installation)
and modify it as you want. More info here.
 
Old 10-29-2010, 05:21 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,357

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
"t does not contain enough DIFFERENT characters""

That means what is called 3 of 4 rule.

Capital letters such as ABCD

Lower case such as abcd

Numbers such as 1234

Other's such as !@#$

Usually you need to have a password that contains at least three of those.
 
Old 10-30-2010, 08:10 AM   #5
SirTristan
Member
 
Registered: Feb 2006
Distribution: GNU/Linux
Posts: 54

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by mlangdn View Post
Doing it this way (with root privileges) will force the change.
Thanks, but this is how I was doing it, I was doing it as root.
Quote:
Originally Posted by HasC View Post
anyways, if you want to disable it, look in your PAM files for a line that looks like this
Code:
password required pam_cracklib.so retry=3 minlen=11 difok=3 lcredit=0 ucredit=1
dcredit=1 ocredit=1
(from a CentOS installation)
and modify it as you want. More info here.
Thank you. What might my pam configuration file be called though? From that documentation, I should have a file /etc/pam.conf, but I don't have this file. I do have a folder /etc/pam.d, but there are no *.conf files located there.

Using 'find' I found similar text in /etc/pam.d/system-auth.orig and /etc/pam.d/system-auth-ac. system-auth-ac contained the following lines, which are similar:
Code:
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
password    required      pam_deny.so
And system-auth.orig contained the following lines, which are similar:
Code:
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
I don't want to mess with anything here though before I know what I'm doing.

Also, how would I restart PAM after making changes?
 
Old 08-02-2012, 07:07 PM   #6
emory458
LQ Newbie
 
Registered: Aug 2012
Posts: 1

Rep: Reputation: Disabled
PAM modules for Password options

In RHEL5+, I see we no longer have a /etc/pam.conf file, but use PAM modules - in /etc/pam.d. I find many referecnes of WHAT to change in these files, but not HOW. I've tried editing the /etc/pam.d/system-auth file (which is linked to system-auth-ac), but the comment lines give me pause. It explicitly indicates this file is autogenerated, and any user edits wil be lost when authconfig is re-run. What I c an;t find is how do I modify this file on a permanent basis, so its entered in the autogenerated file.

The system/authentication GUI interface only allows for choosing authentication type - local files, NIS, LDAP. Modifying the /etc/login.defs fiel - while usable in rh4 adn below, has no meaning now apparently - as PAM modules override this.

Does anyone know how I can modify this file?
 
Old 08-02-2012, 11:34 PM   #7
wilomr11st
LQ Newbie
 
Registered: Aug 2012
Posts: 1

Rep: Reputation: 0
Usually you need to have a password that contains at least three of those.http://x.co/huI3
http://secure.hostgator.com/~affilia...gi?id=paul87st
http://click.linksynergy.com/fs-bin/...1 Internet Inc
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
"bad passwd file" when logging into Chroot Jail ddenton Linux - Security 3 10-17-2011 01:52 AM
Having difficulties setting up passwd; "no matching password file entry..." tgp1994 Linux - Software 3 11-25-2009 03:16 PM
passwd command says BAD PASSWORD planetmars Linux - Newbie 9 09-19-2009 04:42 AM
Turn off "Bad password" forcing in passwd Rotwang Linux - General 1 05-02-2006 08:55 AM
Root password: do certain characters "break" Linux? Sumleilmus Linux - Newbie 3 12-28-2004 11:41 PM


All times are GMT -5. The time now is 05:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration