proper secure passwords
 

How do I go about enforcing rules on users such that they must choose at least one number and one special character in their choice of passwords on RedHat 9? Ideally I like to make these changes and also have the passwords expire in 30 days and the server must retain the last 3 passwords in an exclusion list. Note, the server has been setup and now I want to implement this change.
Thanks in advance

I haven't done much in this area, so I don't know much about what's available for enforcing strong passwords. I did find an article about password security on Redhat's site which gives some suggestions, though. There are some password-cracking programs you can run to test for weak passwords.

Also, the passwd utility does allow you to enforce password aging, which makes users change their passwords periodically. You can set them to expire with whatever lifetime you like. passwd will warn users if their password is too short or doesn't contain numerals/punctuation, but I don't think it'll actually force them to use a secure password.

Sorry I can't be of more help.

You should be able to modify your pam/passwd file to help enforce strong passwords. The following article should give you some insights (here's the Google cached version if you don't want to join). The pam module pam_passwd+ might be something to investigate as well.

Hope this helps.