Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 03-03-2010, 04:45 AM   #1
Registered: Jul 2009
Posts: 41

Rep: Reputation: 15
RHEL5_PAM: module does not accept minlen option

Hi there,

When I was trying to configure PAM on a RHEL5 system, I put the following configure in /etc/pam.d/system-auth:

password requisite minlen=15 try_first_pass retry=3 dcredit=-3

The option dcredit take effect, as a normal account I cannot enter a password that has less than 3 digits, but minlen=15 does not. I can still enter a password with the length about 12 characters.

Please give me some advices,

Thanks in advance
Old 03-03-2010, 09:22 PM   #2
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,411

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
Length and Strength

While the "minlen" parameter controls the minimum password length, things are not as simple as they might appear. This is because pam_cracklib combines the notion of password length with password "strength" (the use of mixed-case and non-letter characters).

"minlen" is actually the minimum required length for a password consisting of all lower-case letters. But users get "length credits" for using upper- and lower-case letters, numbers, and non-alphanumeric characters. The default is normally that you can only get a maximum of "1 credit" for each type of character. So if the administrator sets "minlen=12", a user could still have an 8 character password if they used all four types of characters. Actually, since using a lower-case letter gets you a credit, the real minimum length for an all lower-case password is minlen-1.

A good article; I recommend reading it all.
Old 11-14-2010, 11:31 PM   #3
Registered: Jul 2009
Posts: 41

Original Poster
Rep: Reputation: 15
Originally Posted by chrism01 View Post

A good article; I recommend reading it all.
Thanks Chrism01, It's a really good article


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I disable cracklib and use null passwords? openSauce Linux - Security 4 01-29-2011 04:17 PM
Cannot turn off "Accept mail for users' real names" option in sendmail louisedp Linux - Newbie 0 11-03-2009 08:08 AM
Authentication failure after change to cracklib Johnomal Linux - Newbie 6 09-07-2009 01:11 AM
How to use getopts to accept multiple parameters for a single option ? bittus Linux - Newbie 1 09-04-2009 02:38 AM
cant install cracklib on suse MagusYilie Linux - Software 0 05-07-2006 12:10 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:51 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration