LinuxQuestions.org - [SOLVED] RHEL5_PAM: cracklib.so module does not accept minlen option

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - RHEL5_PAM: cracklib.so module does not accept minlen option (https://www.linuxquestions.org/questions/linux-newbie-8/rhel5_pam-cracklib-so-module-does-not-accept-minlen-option-792822/)

RHEL5_PAM: cracklib.so module does not accept minlen option

Hi there,

When I was trying to configure PAM on a RHEL5 system, I put the following configure in /etc/pam.d/system-auth:

password requisite pam_cracklib.so minlen=15 try_first_pass retry=3 dcredit=-3

The option dcredit take effect, as a normal account I cannot enter a password that has less than 3 digits, but minlen=15 does not. I can still enter a password with the length about 12 characters.

Please give me some advices,

Thanks in advance

Quote:

Length and Strength

While the "minlen" parameter controls the minimum password length, things are not as simple as they might appear. This is because pam_cracklib combines the notion of password length with password "strength" (the use of mixed-case and non-letter characters).

"minlen" is actually the minimum required length for a password consisting of all lower-case letters. But users get "length credits" for using upper- and lower-case letters, numbers, and non-alphanumeric characters. The default is normally that you can only get a maximum of "1 credit" for each type of character. So if the administrator sets "minlen=12", a user could still have an 8 character password if they used all four types of characters. Actually, since using a lower-case letter gets you a credit, the real minimum length for an all lower-case password is minlen-1.

http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

A good article; I recommend reading it all.

Quote:

Originally Posted by chrism01 (Post 3884849)

http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

A good article; I recommend reading it all.

Thanks Chrism01, It's a really good article