How do I change the minimum password length for crack-lib?

abefroman · 09-09-2013, 04:55 PM

How do I change the minimum password length for crack-lib? (CentOS)

It looks like the default is 5:

Code:

root [/etc/pam.d]# echo "4l39ta" | cracklib-check
4l39ta: OK
root [/etc/pam.d]# echo "4l39t" | cracklib-check
4l39t: it is too short
root [/etc/pam.d]# man cracklib-check
No manual entry for cracklib-check

TIA

netnix99 · 09-09-2013, 09:23 PM

Look in /etc/pam.d/system-auth .....

password required /lib/security/pam_cracklib.so retry=3 minlen=5 dcredit=2 ucredit=2 lcredit=2 ocredit=2

minlen= is the field that you are looking for.... the *credit entries define (in this case) 2 uppercase, 2 lowercase, 2 digits, 2 other ...which increases password strength.... retrys is the number of failed attempts before locking the user account.

HTH

abefroman · 09-09-2013, 09:38 PM

Thanks, that didn't seem to do it though, I changed the minlen to 8:

Code:

root [~]#  pico /etc/pam.d/system-auth
root [~]# echo "4l39tarr" | cracklib-check
4l39tarr: OK
root [~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
root [~]# echo "4l39tarr" | cracklib-check
4l39tarr: OK
root [~]# cat  /etc/pam.d/system-auth |grep cracklib
password    required     pam_cracklib.so try_first_pass retry=3 minlen=8 dcredit=2 ucredit=2 lcredit=2 ocredit=2

netnix99 · 09-09-2013, 10:53 PM

what happens if, as a user, you execute the command

Code:

passwd

and enter a password of 7 or less characters?

abefroman · 09-09-2013, 11:07 PM

Quote:

Originally Posted by netnix99

what happens if, as a user, you execute the command

Code:

passwd

and enter a password of 7 or less characters?

Good question, I'm trying to use cracklib to valid password, not being entered in passwd though.