Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Red Hat Enterprise Linux v 2.1, v 3, v 4
Posts: 174
Rep:
pam_cracklib
I think you're going to want to look for something called pam_cracklib. in teh /etc/pam.d/system-auth file, you can add a line like:
password required /lib/security/pam_cracklib.so
The cracklib.so modules does password strenght checking. I believe it looks for similar passwords, dictionary words, repeated letters, etc. There may be additional options with it to require min length, one number, one uppercase, one lowercase, and one special char.
I think that the pam security files are well documented. Hopefully, this will get you in the right direction.
Yes, what you want is to configure pam_cracklib by adding specific options to it. You would set up the options dcredit, ucredit, ocredit. See man pam_cracklib for details on these options. I don't think it is possible to do exactly as you have described, but you could force them to have at least one of each type of character or something similar. If you really want to have exactly those rules you could write your own pam module.
You should also take a look at man pam.d. It will clue you in on where to look for the pam configuration files. On FC6 it is accomplished in a combination of files. /etc/pam.d/passwd which has includes that point to /etc/pam.d/system-auth a symbolic link of /etc/pam.d/system-auth-ac. In there you should find pam_cracklib.so and be able to add the options to it. man pam gives a good overview of how it all fits together.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.