How do I get rid of this? It is really annoying... I use really strong password for root, like "m21sosg91t...", always generated passwords of 25 characters, an old obsession I have. But why should I use a strong password for my usual user? If someone guesses it, all I might lose is what I have in my home directory. Big deal!
So, my question is how do I change this? I googled for it and read I have to change /etc/pam.d/passwd or /etc/pam.d/system.auth. I tried to change both of them, but all I've got is "passwd" not work at all... Does anyone know how to do this?

And please, don't tell me what I read in this thread... This is not the answer to the question... Thank you.

But did u try to change it with root?
Thought it root it's possible to use weak passwords even if it's not preferred

This is not the point... When a user wants to use "kitchen" as his password, I want the system to allow this. If he wants to use a weak password, he knows he does this on his own risk and we all know this is annoying sometimes. As root, if you're trying to set a weak password you get a warning but the password is changed successfully. I would like the same behaviour for a usual user, too. Any suggestions?

The password check options are defined in /etc/security/pam_pwcheck.
These options only effect user passwords unless the "enforce_for_root" option is used.

See the "man 8 pam_pwcheck" man page for all of the options.

Looks like you have pam_pwcheck only on Suse. I don't know if it's recommended or not, but I tried to install it on my distro anyway, but I couldn't download it from their homepage and after I googled for it, all the sites led me to the homepage, too. Do you know any other way to do it? I will try later to download that module...

Just one more question:
Are you sure this is what I'm looking for?

You probably have a gui Users & Groups option that sets the same policy.

I bet it is in the manual if you look closely enough.


If you are interested in the pam_pwcheck module, here is its homepage on the web:
http://freshmeat.net/projects/pam_pwcheck/

Oka, thank you. Can you download it from their homepage, which is basically the same page I provided? Because from here that link doesn't work...

I just checked this link:
http://freshmeat.net/redir/pam_pwche...ck-3.0.tar.bz2

try:
wget http://freshmeat.net/redir/pam_pwche...ck-3.0.tar.bz2

But first, check if you have the modules but FC doesn't use it.
/lib/security/pam_pwcheck.so
/lib64/security/pam_pwcheck.so

On my system, it was provided by a pam_modules package.

Thank you.

I bet that I you look around in the FC configuration program(s), you will find where you can adjust the policy you want to. Even if FC doesn't do it using PAM_PASSWD.

I was able to mostly figure out how to do this. I use SuSE 11.0, and I don't know how standard is the functionality I used.

1. Open YaST (entering root password)
2. Click on "Local Security" application
3. Choose Custom Settings (click Next)
4. Deselect "Check New Passwords" and "Test for Complicated Passwords"
5. Click Next and Finish to save.

I was then able to change my user's password.

Note that no warning is given unfortunately. I could not figure out any way to give a warning but then accept the insecure password.

I am going to try to figure out what configuration file was changed but I don't have much confidence.

You can establish the encrypted password directly when you create users

1.- Retrive the encrypted password: perl -e 'print crypt("password", "salt"),"\n"', its output is something like sajH.KaRIwx/k

2.- Crete the user using this output: useradd -g group -c "comentaio" -s /bin/bash -m -d -p sajH.KaRIwx/k user01

vi /etc/pam.d/system-auth

The original file looks like this
------------------------------------------------------------------------------------
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
------------------------------------------------------------------------------------

Comment all the three lines
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
------------------------------------------------------------------------------------

Add this line
------------------------------------------------------------------------------------
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------

It will look like this now
------------------------------------------------------------------------------------
# password requisite pam_cracklib.so try_first_pass retry=3
# password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# password required pam_deny.so
password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow
------------------------------------------------------------------------------------

Note:
------------------------------------------------------------------------------------
If you run authconfig, the file /etc/pam.d/system-auth will be overwritten
------------------------------------------------------------------------------------

Thanks much for this answer. It's the onlyone that makes sense to me. I don't use GUIs much and all I wanted to do is run passwd to change a password.

This is elegent, simple and understandable
thanks

Onwards from rhel6.8 /etc/pam.d/system-auth-ac (among others has changed).

If you copy & paste from a < rhel6.8 then short insecure passwds will be accepted (if you are root)