Hello!

I'm trying to secure my system and enforce every password user, even root, to begin with letter, I mean, the first character of the password must be letter (upper or lower case, it does not matter), do you know how can I configure it? is it possible?

Kind regards.

it is definitely possible, but that will not secure anything.
here you can start: http://askubuntu.com/questions/15685...h-on-passwords

Thanks pan64 for your help.

Well, I have used other constraints with pam but this one, a letter as a first character, I'm not able to find it, do you know how to do it?

Best regards.

I'm afraid you need to implement your own pam_pwcheck module.

1 members found this post helpful.

Which statistically makes your system LESS secure.

2 members found this post helpful.

Out of interest, why?

If you know that there are only 26 * 2 possibilities for the first character of the password, that's theoretically a lot of possibilities to remove. It also makes it very likely that it's a dictionary word.

Attempts to impose password limits also greatly simplify dictionary attacks because there are now many thousands of words that you don't need to try because you know they're too short or too long.

1 members found this post helpful.

Possible? Yes. You will have to literally make a custom pam module.

Possible with default PAM and Cracklib? No.

Good Idea? Absolutely not, for many reasons mentioned above.

instead of a easy guessed letter

why not use the length
min is 12 and max is 256 and use a phrase
-- not these!!!
" ToBoldlyGoWhereWhereNoOneHas"
" ToBeOrNotToBe"
" ItWas_a_DarkAndStormyNight"

long and hared to crack and EASY TO REMEMBER!!!!
!!! no Post-it-notes" stuck to the screen !!!!

actually I do not know any virus (or other software) which can read the post it notes...

Although there is precious little entropy in any password, a fairly good technique is to use a phrase.

hddtmrutc is remembered by: "Hickory, Dickory, Dock. The mouse ran up the clock."

yykeenpek can be remembered the same way.

When you push arbitrary things like this, they tend to be inconsistent with other systems which leads to your users getting password fatigue and in turn, turning to bad practices such as writing down passwords on paper. I'd say stick with the sensible defaults here and just force a longer password or phrase.

I think you have a little typo in there, or was switching u for an o intentional?

It was, indeed, onintentiunal.

After configuring these settings, Still machine is not asking for complex password or minimum length.I had applied these configuration on RHEL 6.2x 64 bit. Please suggest

hi ledgescha

instead of hijacking a thread it might be better to start a new thread
also 6.2 is a bit OLD
the current minor release of the older 6 series is RHEL 6.8
you are 6 versions and about 4 years out of date

also this is redhat and you DO ??? have the required paid for support contract, right ?

your FIRST stop on the net SHOULD be the redhat site

login with the credentials that were set up with the REQUIRED license / support contract and do a search
-- you will need to be loged in to read most of the knowledge base results